Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

How do I check if I'm still infected? (Cryptor & Any Virus)

Started by MDMedia , Nov 17 2012 03:12 PM

Please log in to reply

#1
MDMedia

Posted 17 November 2012 - 03:12 PM

New Member

Member
5 posts

Hi Guys

I recently had a virus that was more than my PC could handle, so I formatted the HD which took care of most of them.

But I had a lot of data than I can not lose, and had to restore it. I found that a Cryptor variant had infected my files. Although AVG stops it on activation it could not find it to remove it.

I just ran a full scan with Malwarebytes Anti-Malware which showed 8 infections and said that it had removed them. I may be just paranoid. But right now I have no other way of verifying this 100%.

Is that possible?

I found this site and saw some of the impressive stuff you guys are doing. (A little beyond me) But it is all very specific to each user.

So could anyone give me some pointers on where to start?

Ant

Edited by MDMedia, 17 November 2012 - 03:17 PM.

#2
SweetTech

Posted 18 November 2012 - 03:24 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
- Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
- Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

I just ran a full scan with Malwarebytes Anti-Malware which showed 8 infections and said that it had removed them. I may be just paranoid. But right now I have no other way of verifying this 100%.

Can you please post that log file for me to review?

Is that possible?

It's difficult to say without taking a look at the MalwareBytes' Anti-Malware log file.

NEXT:

Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

NEXT:

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. aswMBR.exe log file.
4. OTL.txt & Extras.txt log files.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#3
MDMedia

Posted 18 November 2012 - 10:25 PM

New Member

Topic Starter
Member
5 posts

Thanks for your help

1.) Could you give me some details as to what these programs do & the information your looking for?

2.) Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: SKYNET01 [administrator]

17/11/2012 18:32:49
mbam-log-2012-11-17 (18-32-49).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306384
Time elapsed: 1 hour(s), 57 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\Administrator\My Documents\My Datafiles\serials\Extra serials\All EA cd Key.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\STORAGE\My 3d Game Studio\TOOLS\install simple.exe (PUP.BundleInstaller.SOL) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{25F44387-487D-472B-8E47-CB898F8D88AB}\RP22\A0007107.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{25F44387-487D-472B-8E47-CB898F8D88AB}\RP22\A0007550.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{25F44387-487D-472B-8E47-CB898F8D88AB}\RP22\A0007554.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{25F44387-487D-472B-8E47-CB898F8D88AB}\RP23\A0007803.exe (Malware.Packer.Mew) -> Quarantined and deleted successfully.

(end)

3.) aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-19 04:07:48
-----------------------------
04:07:48.781 OS Version: Windows 5.1.2600 Service Pack 2
04:07:48.781 Number of processors: 2 586 0x403
04:07:48.781 ComputerName: SKYNET01 UserName:
04:07:51.750 Initialize success
04:08:03.750 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
04:08:03.750 Disk 0 Vendor: SAMSUNG_SP0411N TW100-08 Size: 38204MB BusType: 3
04:08:03.781 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
04:08:03.781 Disk 1 Vendor: SAMSUNG_HD080HJ WT100-33 Size: 76319MB BusType: 3
04:08:03.921 Disk 1 MBR read successfully
04:08:03.921 Disk 1 MBR scan
04:08:03.921 Disk 1 Windows XP default MBR code
04:08:03.937 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
04:08:03.953 Disk 1 scanning sectors +156280320
04:08:04.078 Disk 1 scanning C:\WINDOWS\system32\drivers
04:08:34.109 Service scanning
04:08:51.890 Modules scanning
04:08:57.890 Disk 1 trace - called modules:
04:08:57.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
04:08:57.906 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8677aab8]
04:08:57.906 3 CLASSPNP.SYS[f761c05b] -> nt!IofCallDriver -> \Device\00000069[0x867399e8]
04:08:57.906 5 ACPI.sys[f74b2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86794940]
04:08:57.906 Scan finished successfully
04:09:25.156 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
04:09:25.156 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

4.) OTL logfile created on: 19/11/2012 04:11:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.35 Mb Total Physical Memory | 313.98 Mb Available Physical Memory | 30.68% Memory free
4.81 Gb Paging File | 3.96 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.55 Gb Free Space | 55.76% Space Free | Partition Type: NTFS
Drive D: | 37.31 Gb Total Space | 4.02 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 621.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 537.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SKYNET01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 04:09:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/11/19 04:07:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
PRC - [2012/11/09 00:32:58 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/09 00:32:58 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 20:42:12 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/28 00:53:13 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/10/27 08:21:35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/08/02 17:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2009/09/28 02:02:44 | 001,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/02 04:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/01 17:03:48 | 000,295,424 | ---- | M] (Groom-A-Zebu ™ ) -- C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/09 00:32:59 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/09 00:32:59 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/09 00:32:58 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/09 00:32:58 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
MOD - [2012/10/30 20:42:11 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/27 19:26:06 | 002,076,672 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9c535f9d\system.xml.dll
MOD - [2012/10/27 19:26:01 | 002,994,176 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_499f3a6f\system.windows.forms.dll
MOD - [2012/10/27 19:25:57 | 000,835,584 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bf7502ee\system.drawing.dll
MOD - [2012/10/27 19:25:54 | 001,929,216 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b3f44768\System.dll
MOD - [2012/10/27 19:25:47 | 003,289,088 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e3eb563d\mscorlib.dll
MOD - [2012/10/27 19:24:37 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012/10/27 19:24:36 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/10/27 19:24:35 | 001,245,184 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/10/27 19:24:33 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2012/10/27 19:24:32 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/10/27 19:24:32 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012/10/27 19:24:31 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/02 04:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/02 04:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008/05/02 04:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2005/10/19 09:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll

========== Services (SafeList) ==========

SRV - [2012/11/17 21:23:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 00:32:58 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/06 15:43:04 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012/11/06 14:28:57 | 001,984,516 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - [2012/10/30 20:42:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/27 08:21:35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/26 08:29:00 | 003,051,632 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2012/08/02 17:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/11/09 00:32:59 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 11:50:58 | 000,010,520 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2012/05/24 11:44:48 | 000,239,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2012/03/27 16:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/06/15 09:30:56 | 000,090,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/02 04:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/09/26 20:50:04 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/14 22:00:00 | 000,273,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/06/04 15:37:00 | 000,077,463 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-2025429265-725345543-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-10-27 08:29:21&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1957994488-2025429265-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.4.7.4
FF - prefs.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.17
FF - prefs.js..keyword.URL: "https://isearch.avg....7:29&sap=ku&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/09 00:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/28 00:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/30 20:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 21:57:36 | 000,000,000 | ---D | M]

[2012/10/27 07:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/11/14 22:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions
[2012/10/29 00:41:20 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\[email protected]
[2012/11/14 19:03:30 | 000,474,999 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\[email protected]
[2012/10/28 20:05:39 | 000,164,885 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
[2012/11/14 22:06:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/27 07:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/30 20:42:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/10/30 20:42:01 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/11/09 00:33:51 | 000,003,499 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/30 20:42:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/30 20:42:01 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/10/30 20:42:01 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/30 20:42:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/10/30 20:42:01 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1957994488-2025429265-725345543-500\..\Toolbar\ShellBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-2025429265-725345543-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1957994488-2025429265-725345543-500..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1957994488-2025429265-725345543-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe (Groom-A-Zebu ™ )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-2025429265-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B45F766-63EB-4252-8EAA-47C7F4146C5A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/27 06:05:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/13 16:36:38 | 001,152,056 | R--- | M] () - E:\AutoRun.bmp -- [ CDFS ]
O32 - AutoRun File - [2002/06/04 16:17:08 | 000,001,282 | R--- | M] () - E:\AutoRun.csv -- [ CDFS ]
O32 - AutoRun File - [2002/09/30 10:13:20 | 000,000,536 | R--- | M] () - E:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2002/05/23 10:57:06 | 000,303,162 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/13 17:12:42 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2002/05/14 14:44:04 | 000,155,784 | R--- | M] () - E:\autorun.wav -- [ CDFS ]
O32 - AutoRun File - [2010/03/30 17:13:01 | 000,000,076 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2002/03/07 17:55:00 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/07/01 14:35:28 | 000,000,049 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/07 16:44:28 | 000,000,990 | R--- | M] () - G:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2003/02/21 19:19:36 | 000,090,112 | R--- | M] () - H:\auto.exe -- [ CDFS ]
O32 - AutoRun File - [2002/03/07 21:55:00 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/07/15 21:53:26 | 000,000,054 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/07 20:44:28 | 000,000,990 | R--- | M] () - H:\autorun.ini -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 04:14:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/19 04:09:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/11/19 04:06:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/11/17 18:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/11/17 18:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/17 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/17 18:21:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/17 18:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/15 18:50:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Work
[2012/11/13 09:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinHTTrack
[2012/11/13 09:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2012/11/11 08:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Album Generator
[2012/11/11 08:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Album Generator
[2012/11/11 06:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2012/11/11 06:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Virtual Mechanics
[2012/11/11 06:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My IMS Projects
[2012/11/11 06:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Mechanics
[2012/11/09 00:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/11/08 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/11/08 20:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2012/11/08 20:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/11/08 18:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/08 18:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2012/11/08 00:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.ranktracker
[2012/11/07 23:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SEO PowerSuite
[2012/11/07 23:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2012/11/07 23:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Free Monitor for Google
[2012/11/07 23:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Monitor for Google
[2012/11/07 23:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Free Monitor for Google
[2012/11/07 05:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\greenstreet
[2012/11/07 05:08:37 | 001,472,000 | ---- | C] (GST Technology Ltd) -- C:\WINDOWS\System32\Rgt004.dll
[2012/11/07 05:08:37 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFWPG80N.DLL
[2012/11/07 05:08:36 | 000,114,176 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFTIF80N.DLL
[2012/11/07 05:08:36 | 000,028,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPSD80N.DLL
[2012/11/07 05:08:36 | 000,028,160 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFWMF80N.DLL
[2012/11/07 05:08:36 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFTGA80N.DLL
[2012/11/07 05:08:36 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFRAS80N.DLL
[2012/11/07 05:08:36 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFWFX80N.DLL
[2012/11/07 05:08:35 | 000,134,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPNG80N.DLL
[2012/11/07 05:08:35 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFLMA80N.DLL
[2012/11/07 05:08:35 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFLMB80N.DLL
[2012/11/07 05:08:35 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCX80N.DLL
[2012/11/07 05:08:35 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCT80N.DLL
[2012/11/07 05:08:35 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCD80N.DLL
[2012/11/07 05:08:35 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFMSP80N.DLL
[2012/11/07 05:08:35 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFMAC80N.DLL
[2012/11/07 05:08:34 | 000,423,936 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTKRN80N.DLL
[2012/11/07 05:08:34 | 000,094,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTIMG80N.DLL
[2012/11/07 05:08:34 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFAVI80N.DLL
[2012/11/07 05:08:34 | 000,003,824 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTTHK80W.DLL
[2012/11/07 05:08:33 | 000,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTFIL80N.DLL
[2012/11/07 05:08:33 | 000,052,224 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFFPX80N.DLL
[2012/11/07 05:08:33 | 000,046,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFICA80N.DLL
[2012/11/07 05:08:33 | 000,039,424 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFGIF80N.DLL
[2012/11/07 05:08:33 | 000,027,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFIMG80N.DLL
[2012/11/07 05:08:32 | 000,235,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFDIC80N.DLL
[2012/11/07 05:08:32 | 000,232,960 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP80N.DLL
[2012/11/07 05:08:32 | 000,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFFAX80N.DLL
[2012/11/07 05:08:32 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFEPS80N.DLL
[2012/11/07 05:08:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCAL80N.DLL
[2012/11/07 05:08:31 | 000,232,448 | ---- | C] (GST Technology) -- C:\WINDOWS\System32\GSTCTRL.OCX
[2012/11/07 05:08:31 | 000,033,792 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTTWN80N.DLL
[2012/11/07 05:08:31 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFBMP80N.DLL
[2012/11/07 05:08:31 | 000,028,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFAWD80N.DLL
[2012/11/07 05:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\greenstreet
[2012/11/07 05:08:20 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2012/11/06 15:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/11/06 15:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/11/06 15:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/11/06 15:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2012/11/06 15:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Macromedia
[2012/11/06 15:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2012/11/06 15:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2012/11/06 15:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TweetAdder3
[2012/11/06 15:05:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/11/06 14:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012/11/06 14:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2012/11/04 23:26:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Mount&Blade Warband Savegames
[2012/11/04 23:23:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Mount&Blade Warband
[2012/11/04 23:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mount&Blade Warband
[2012/11/04 22:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Mount&Blade Warband
[2012/11/04 18:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/11/02 16:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Axantum AxCrypt
[2012/11/02 16:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum
[2012/11/02 00:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tweet Adder 3
[2012/11/02 00:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweet Adder 3
[2012/11/01 20:56:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\ArmA Demo Other Profiles
[2012/11/01 20:50:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\ArmA Demo
[2012/11/01 20:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ArmA Demo
[2012/11/01 20:50:47 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012/11/01 20:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atari
[2012/11/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2012/11/01 20:49:35 | 000,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012/11/01 20:49:34 | 000,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2012/10/30 21:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\GameSpy Arcade
[2012/10/30 21:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2012/10/30 20:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GameRanger
[2012/10/30 19:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeerBlock
[2012/10/30 19:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/10/30 06:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2012/10/30 06:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/30 06:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/10/30 04:41:34 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/10/30 04:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alternate
[2012/10/30 04:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Alternate
[2012/10/30 04:25:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2012/10/30 04:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\FreeArc
[2012/10/30 01:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Codemasters
[2012/10/29 22:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MagicDisc
[2012/10/29 22:06:39 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2012/10/29 22:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/10/29 18:10:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/10/29 14:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/29 14:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/28 22:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/10/28 22:24:34 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2012/10/28 22:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/10/28 22:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/10/28 22:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/10/28 22:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/10/28 22:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/10/28 22:17:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/10/28 22:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/10/28 22:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/10/28 22:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/10/28 22:16:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/10/28 06:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/10/28 06:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/10/28 06:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/10/28 05:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2012/10/28 05:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitTorrent
[2012/10/28 05:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/10/28 05:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/10/28 04:24:12 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012/10/28 04:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/10/28 01:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3D GameStudio
[2012/10/28 01:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\GStudio6
[2012/10/28 01:51:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/10/28 00:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/10/28 00:53:22 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/10/28 00:53:16 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/10/28 00:53:16 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/10/28 00:53:15 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/10/28 00:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/10/28 00:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/10/28 00:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2012/10/28 00:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/10/28 00:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Unlocker
[2012/10/28 00:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2012/10/28 00:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CCleaner
[2012/10/28 00:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/28 00:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Datafiles
[2012/10/28 00:06:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Projects & Documents
[2012/10/28 00:06:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2012/10/28 00:06:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Desktop
[2012/10/28 00:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/10/27 23:55:07 | 001,493,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2012/10/27 23:55:07 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2012/10/27 23:55:07 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/10/27 23:55:07 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2012/10/27 23:55:06 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2012/10/27 23:55:05 | 006,100,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2012/10/27 23:55:05 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/10/27 23:55:05 | 000,065,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2012/10/27 23:55:05 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2012/10/27 23:55:04 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2012/10/27 23:55:04 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2012/10/27 23:55:01 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/10/27 23:55:01 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/10/27 23:55:01 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2012/10/27 23:55:01 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2012/10/27 23:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/10/27 23:54:52 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2012/10/27 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/10/27 23:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/10/27 23:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/10/27 22:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/10/27 21:40:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/10/27 21:40:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/10/27 21:04:14 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2012/10/27 21:04:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2012/10/27 21:04:11 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2012/10/27 21:04:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2012/10/27 21:04:09 | 000,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2012/10/27 21:04:07 | 000,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2012/10/27 21:04:06 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2012/10/27 21:04:05 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2012/10/27 21:04:03 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2012/10/27 21:04:02 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2012/10/27 21:04:00 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2012/10/27 21:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2012/10/27 21:03:54 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2012/10/27 21:03:54 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2012/10/27 21:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2012/10/27 21:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2012/10/27 21:03:53 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2012/10/27 21:03:53 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2012/10/27 21:03:53 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2012/10/27 21:03:53 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2012/10/27 21:00:45 | 000,273,296 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\STAC97.sys
[2012/10/27 21:00:45 | 000,102,912 | ---- | C] (Sigmatel, Inc.) -- C:\WINDOWS\System32\staco.dll
[2012/10/27 20:22:00 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/10/27 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/10/27 19:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ATI
[2012/10/27 19:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ATI
[2012/10/27 19:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/10/27 19:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/10/27 19:24:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/10/27 19:24:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/10/27 19:24:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/10/27 19:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/10/27 19:09:22 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/10/27 19:08:51 | 000,077,824 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2012/10/27 19:08:50 | 000,118,784 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2012/10/27 19:08:50 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2012/10/27 19:08:50 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2012/10/27 19:08:49 | 005,144,576 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2012/10/27 19:08:48 | 006,684,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglx1.dll
[2012/10/27 19:08:48 | 000,307,200 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2012/10/27 19:08:48 | 000,303,104 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2012/10/27 19:08:48 | 000,221,184 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2012/10/27 19:08:48 | 000,090,112 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2012/10/27 19:08:48 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2012/10/27 19:08:48 | 000,049,152 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2012/10/27 19:08:48 | 000,041,984 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2012/10/27 19:08:48 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2012/10/27 18:56:50 | 000,239,928 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/10/27 18:56:50 | 000,239,928 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/10/27 18:56:06 | 000,089,600 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\Baspxp32.dll
[2012/10/27 18:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/10/27 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/10/27 18:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2012/10/27 18:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2012/10/27 18:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/10/27 18:45:10 | 000,041,852 | R--- | C] (3Com Corporation) -- C:\WINDOWS\System32\UpdDrv2K.exe
[2012/10/27 18:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/10/27 18:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\driveridentifier
[2012/10/27 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Identifier
[2012/10/27 18:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
[2012/10/27 18:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2012/10/27 17:48:08 | 000,009,469 | ---- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\WINFOXIO.sys
[2012/10/27 17:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinFox
[2012/10/27 17:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinFast
[2012/10/27 17:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/10/27 17:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/10/27 17:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/10/27 17:27:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/27 17:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media
[2012/10/27 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2012/10/27 16:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/10/27 16:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2012/10/27 16:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/10/27 16:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/10/27 08:28:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012/10/27 08:28:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012/10/27 08:28:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012/10/27 08:28:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/10/27 08:28:36 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/10/27 08:28:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/10/27 08:28:35 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/10/27 08:28:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/10/27 08:28:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2012/10/27 08:28:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2012/10/27 08:28:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2012/10/27 08:28:33 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2012/10/27 08:28:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2012/10/27 08:28:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2012/10/27 08:28:30 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012/10/27 08:28:30 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/10/27 08:28:29 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2012/10/27 08:28:29 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2012/10/27 08:28:28 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012/10/27 08:28:27 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2012/10/27 08:28:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2012/10/27 08:28:26 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2012/10/27 08:28:25 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2012/10/27 08:28:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2012/10/27 08:28:25 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2012/10/27 08:28:24 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2012/10/27 08:28:24 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2012/10/27 08:28:24 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2012/10/27 08:28:23 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012/10/27 08:28:22 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2012/10/27 08:28:22 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2012/10/27 08:28:21 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2012/10/27 08:28:21 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2012/10/27 08:28:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2012/10/27 08:28:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2012/10/27 08:28:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2012/10/27 08:28:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2012/10/27 08:28:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2012/10/27 08:28:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2012/10/27 08:28:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2012/10/27 08:28:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2012/10/27 08:28:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2012/10/27 08:28:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2012/10/27 08:28:16 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2012/10/27 08:28:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2012/10/27 08:28:15 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2012/10/27 08:28:15 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2012/10/27 08:28:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2012/10/27 08:28:14 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2012/10/27 08:28:13 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2012/10/27 08:28:13 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2012/10/27 08:28:12 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2012/10/27 08:28:12 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2012/10/27 08:28:11 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2012/10/27 08:28:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2012/10/27 08:28:10 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2012/10/27 08:28:09 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2012/10/27 08:28:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2012/10/27 08:28:09 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2012/10/27 08:28:08 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/10/27 08:28:07 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2012/10/27 08:28:07 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2012/10/27 08:28:07 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2012/10/27 08:28:07 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2012/10/27 08:28:06 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/10/27 08:28:05 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2012/10/27 08:28:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2012/10/27 08:28:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2012/10/27 08:28:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2012/10/27 08:28:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2012/10/27 08:28:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2012/10/27 08:28:00 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2012/10/27 08:27:59 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2012/10/27 08:27:59 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2012/10/27 08:27:59 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2012/10/27 08:27:58 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2012/10/27 08:27:57 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2012/10/27 08:27:57 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2012/10/27 08:27:56 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2012/10/27 08:27:55 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2012/10/27 08:27:55 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2012/10/27 08:27:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2012/10/27 08:27:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2012/10/27 08:27:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2012/10/27 08:27:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2012/10/27 08:27:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2012/10/27 08:27:51 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2012/10/27 08:27:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2012/10/27 08:27:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2012/10/27 08:27:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2012/10/27 08:27:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2012/10/27 08:26:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/10/27 08:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/10/27 08:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/27 08:22:36 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/27 08:22:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/27 08:22:35 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/27 08:22:35 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/27 08:22:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/27 08:22:01 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/27 08:22:00 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/27 08:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/27 08:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/10/27 08:09:58 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/27 08:09:58 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/27 07:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Proxomitron
[2012/10/27 07:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Proxomitron Naoko-4
[2012/10/27 07:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/10/27 07:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/27 07:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/27 07:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/10/27 07:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/10/27 07:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/10/27 07:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/10/27 07:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG2013
[2012/10/27 07:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/10/27 07:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
[2012/10/27 07:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/10/27 07:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/10/27 07:17:27 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/27 07:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/27 07:16:26 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/10/27 07:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/10/27 07:12:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Downloads
[2012/10/27 07:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/10/27 07:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/10/27 07:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/27 07:08:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/27 07:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/27 07:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
[2012/10/27 07:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2013
[2012/10/27 06:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/27 06:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2012/10/27 06:53:05 | 000,077,463 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\drivers\el90Xbc5.SYS
[2012/10/27 06:53:05 | 000,077,463 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2012/10/27 06:52:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2012/10/27 06:52:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2012/10/27 06:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/10/27 06:51:34 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2012/10/27 06:51:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2012/10/27 06:51:33 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2012/10/27 06:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/10/27 06:51:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2012/10/27 06:51:32 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/10/27 06:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/10/27 06:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/10/27 06:51:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2012/10/27 06:51:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2012/10/27 06:51:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2012/10/27 06:51:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2012/10/27 06:51:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2012/10/27 06:51:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2012/10/27 06:51:30 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2012/10/27 06:51:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2012/10/27 06:51:28 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2012/10/27 06:51:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2012/10/27 06:51:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2012/10/27 06:51:26 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2012/10/27 06:51:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2012/10/27 06:51:26 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2012/10/27 06:51:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2012/10/27 06:51:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2012/10/27 06:51:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2012/10/27 06:51:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2012/10/27 06:51:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2012/10/27 06:51:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2012/10/27 06:51:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2012/10/27 06:51:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2012/10/27 06:51:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2012/10/27 06:51:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2012/10/27 06:51:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2012/10/27 06:51:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2012/10/27 06:51:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2012/10/27 06:51:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2012/10/27 06:51:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2012/10/27 06:51:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2012/10/27 06:51:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2012/10/27 06:51:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2012/10/27 06:51:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2012/10/27 06:51:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2012/10/27 06:51:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2012/10/27 06:51:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2012/10/27 06:51:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2012/10/27 06:51:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2012/10/27 06:51:23 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2012/10/27 06:51:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2012/10/27 06:51:23 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2012/10/27 06:51:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2012/10/27 06:51:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2012/10/27 06:51:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2012/10/27 06:51:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2012/10/27 06:51:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2012/10/27 06:51:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2012/10/27 06:51:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2012/10/27 06:51:21 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2012/10/27 06:51:21 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2012/10/27 06:51:21 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2012/10/27 06:51:21 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2012/10/27 06:51:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/10/27 06:51:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/10/27 06:51:20 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2012/10/27 06:51:20 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2012/10/27 06:51:20 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2012/10/27 06:51:20 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/10/27 06:51:20 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/10/27 06:51:20 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll
[2012/10/27 06:51:20 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2012/10/27 06:51:20 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv
[2012/10/27 06:51:20 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2012/10/27 06:51:20 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll
[2012/10/27 06:51:20 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2012/10/27 06:51:20 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2012/10/27 06:51:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll
[2012/10/27 06:51:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2012/10/27 06:51:20 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv
[2012/10/27 06:51:20 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2012/10/27 06:51:20 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv
[2012/10/27 06:51:20 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2012/10/27 06:51:20 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv
[2012/10/27 06:51:20 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2012/10/27 06:51:20 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2012/10/27 06:51:20 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2012/10/27 06:51:19 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll
[2012/10/27 06:51:19 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2012/10/27 06:51:19 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2012/10/27 06:51:19 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2012/10/27 06:51:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll
[2012/10/27 06:51:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2012/10/27 06:51:19 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv
[2012/10/27 06:51:19 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2012/10/27 06:51:19 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2012/10/27 06:51:19 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2012/10/27 06:51:19 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2012/10/27 06:51:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv
[2012/10/27 06:51:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2012/10/27 06:51:19 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv
[2012/10/27 06:51:19 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2012/10/27 06:51:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll
[2012/10/27 06:51:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2012/10/27 06:51:19 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll
[2012/10/27 06:51:19 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2012/10/27 06:51:19 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2012/10/27 06:51:19 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2012/10/27 06:51:19 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2012/10/27 06:51:19 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2012/10/27 06:51:19 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2012/10/27 06:51:19 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2012/10/27 06:51:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2012/10/27 06:51:18 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2012/10/27 06:51:18 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2012/10/27 06:51:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2012/10/27 06:51:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2012/10/27 06:51:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/10/27 06:51:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/10/27 06:51:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/10/27 06:51:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/10/27 06:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/10/27 06:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/10/27 06:51:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/10/27 06:51:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/10/27 06:50:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/10/27 06:50:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/10/27 06:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/10/27 06:49:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/10/27 06:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/10/27 06:48:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/10/27 06:48:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/10/27 06:46:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/10/27 06:46:10 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/10/27 06:46:10 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/10/27 06:46:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/10/27 06:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/10/27 06:42:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2012/10/27 06:42:43 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2012/10/27 06:42:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2012/10/27 06:42:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2012/10/27 06:42:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2012/10/27 06:42:41 | 001,754,624 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/10/27 06:42:41 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2012/10/27 06:42:41 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2012/10/27 06:42:41 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2012/10/27 06:42:41 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2012/10/27 06:42:41 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2012/10/27 06:42:41 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2012/10/27 06:42:41 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012/10/27 06:42:41 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2012/10/27 06:42:41 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012/10/27 06:42:41 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2012/10/27 06:42:41 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2012/10/27 06:42:41 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2012/10/27 06:42:41 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2012/10/27 06:42:41 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2012/10/27 06:42:41 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2012/10/27 06:42:41 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2012/10/27 06:42:41 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2012/10/27 06:42:41 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2012/10/27 06:42:41 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2012/10/27 06:42:41 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2012/10/27 06:42:41 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2012/10/27 06:42:41 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2012/10/27 06:42:41 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2012/10/27 06:42:41 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2012/10/27 06:42:41 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2012/10/27 06:42:41 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2012/10/27 06:42:41 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2012/10/27 06:42:41 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2012/10/27 06:42:41 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2012/10/27 06:42:41 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2012/10/27 06:42:40 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2012/10/27 06:42:40 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2012/10/27 06:42:40 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2012/10/27 06:42:40 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2012/10/27 06:42:40 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2012/10/27 06:42:40 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2012/10/27 06:42:40 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2012/10/27 06:42:40 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2012/10/27 06:42:40 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2012/10/27 06:42:40 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2012/10/27 06:42:39 | 002,415,648 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/10/27 06:42:39 | 001,086,144 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/10/27 06:42:39 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2012/10/27 06:42:39 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2012/10/27 06:42:39 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2012/10/27 06:42:39 | 000,294,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/10/27 06:42:39 | 000,260,608 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/10/27 06:42:39 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2012/10/27 06:42:39 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2012/10/27 06:42:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl
[2012/10/27 06:42:39 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2012/10/27 06:42:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2012/10/27 06:42:39 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2012/10/27 06:42:39 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2012/10/27 06:42:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2012/10/27 06:42:39 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2012/10/27 06:42:39 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2012/10/27 06:42:39 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2012/10/27 06:42:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
[2012/10/27 06:42:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2012/10/27 06:42:39 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2012/10/27 06:42:39 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2012/10/27 06:42:39 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2012/10/27 06:42:39 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2012/10/27 06:42:39 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2012/10/27 06:42:39 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2012/10/27 06:42:39 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2012/10/27 06:42:39 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2012/10/27 06:42:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2012/10/27 06:42:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2012/10/27 06:42:39 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2012/10/27 06:42:39 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2012/10/27 06:42:38 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
[2012/10/27 06:42:38 | 001,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2012/10/27 06:42:38 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/10/27 06:42:38 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2012/10/27 06:42:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2012/10/27 06:42:38 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
[2012/10/27 06:42:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
[2012/10/27 06:42:38 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2012/10/27 06:42:38 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2012/10/27 06:42:38 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2012/10/27 06:42:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi.dll
[2012/10/27 06:42:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2012/10/27 06:42:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2012/10/27 06:42:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hccoin.dll
[2012/10/27 06:42:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsprpres.dll
[2012/10/27 06:42:37 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012/10/27 06:42:37 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2012/10/27 06:42:37 | 000,537,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msftedit.dll
[2012/10/27 06:42:37 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2012/10/27 06:42:37 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdmod.dll
[2012/10/27 06:42:37 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
[2012/10/27 06:42:37 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp43dmod.dll
[2012/10/27 06:42:37 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2012/10/27 06:42:37 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2012/10/27 06:42:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sbeio.dll
[2012/10/27 06:42:37 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssap.dll
[2012/10/27 06:42:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
[2012/10/27 06:42:37 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
[2012/10/27 06:42:37 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
[2012/10/27 06:42:37 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
[2012/10/27 06:42:37 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2012/10/27 06:42:37 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2012/10/27 06:42:37 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2012/10/27 06:42:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2012/10/27 06:42:37 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2012/10/27 06:42:37 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2012/10/27 06:42:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/10/27 06:42:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2012/10/27 06:42:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2012/10/27 06:42:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2012/10/27 06:42:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2012/10/27 06:42:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2012/10/27 06:42:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2012/10/27 06:42:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2012/10/27 06:42:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2012/10/27 06:42:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2012/10/27 06:42:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2012/10/27 06:42:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2012/10/27 06:42:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2012/10/27 06:42:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2012/10/27 06:42:36 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll
[2012/10/27 06:42:36 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll
[2012/10/27 06:42:36 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winbrand.dll
[2012/10/27 06:42:36 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmoe.dll
[2012/10/27 06:42:36 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll
[2012/10/27 06:42:36 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2012/10/27 06:42:36 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/10/27 06:42:36 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1res.dll
[2012/10/27 06:42:36 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2012/10/27 06:42:36 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
[2012/10/27 06:42:36 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2012/10/27 06:42:36 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll
[2012/10/27 06:42:36 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2012/10/27 06:42:36 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
[2012/10/27 06:42:36 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/10/27 06:42:36 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2012/10/27 06:42:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/10/27 06:42:36 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2012/10/27 06:42:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2012/10/27 06:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2012/10/27 06:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2012/10/27 06:41:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/10/27 06:39:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/10/27 06:39:11 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/10/27 06:37:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/10/27 06:37:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012/10/27 06:32:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2012/10/27 06:22:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/10/27 06:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/10/27 06:21:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/10/27 06:21:55 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/10/27 06:21:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/10/27 06:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/10/27 06:21:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/10/27 06:21:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/10/27 06:21:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/10/27 06:21:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/10/27 06:21:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/10/27 06:21:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/10/27 06:21:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/10/27 06:21:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/10/27 06:21:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/10/27 06:21:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/10/27 06:21:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/10/27 06:21:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/10/27 06:21:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/10/27 06:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/10/27 06:21:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/10/27 06:21:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/10/27 06:21:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/10/27 06:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/10/27 06:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/10/27 06:19:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012/10/27 06:19:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012/10/27 06:19:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012/10/27 06:19:05 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012/10/27 06:19:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012/10/27 06:19:04 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012/10/27 06:19:04 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/10/27 06:19:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/10/27 06:19:03 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012/10/27 06:19:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012/10/27 06:19:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012/10/27 06:19:03 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012/10/27 06:19:02 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012/10/27 06:19:02 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012/10/27 06:19:02 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/10/27 06:19:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012/10/27 06:19:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012/10/27 06:19:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/10/27 06:19:00 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/10/27 06:19:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/10/27 06:19:00 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012/10/27 06:19:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/10/27 06:18:59 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/10/27 06:18:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/10/27 06:18:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/10/27 06:18:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/10/27 06:18:59 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/10/27 06:18:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012/10/27 06:18:57 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/10/27 06:18:57 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/10/27 06:18:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/10/27 06:18:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/10/27 06:18:55 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsvc.dll
[2012/10/27 06:18:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/10/27 06:18:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/10/27 06:18:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/10/27 06:18:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/10/27 06:18:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/10/27 06:18:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/10/27 06:18:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2012/10/27 06:18:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/10/27 06:18:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/10/27 06:18:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/10/27 06:18:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/10/27 06:18:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/10/27 06:18:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/10/27 06:18:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/10/27 06:18:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/10/27 06:18:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/10/27 06:18:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/10/27 06:18:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/10/27 06:18:54 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/10/27 06:18:52 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2012/10/27 06:18:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/10/27 06:18:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/10/27 06:18:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/10/27 06:18:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/10/27 06:18:51 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/10/27 06:18:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012/10/27 06:18:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2012/10/27 06:18:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012/10/27 06:18:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/10/27 06:18:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/10/27 06:18:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012/10/27 06:18:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/10/27 06:18:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/10/27 06:18:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/10/27 06:18:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/10/27 06:18:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/10/27 06:18:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/10/27 06:18:47 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/10/27 06:14:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012/10/27 06:14:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012/10/27 06:14:13 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/10/27 06:14:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012/10/27 06:14:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012/10/27 06:14:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/10/27 06:14:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/10/27 06:14:11 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012/10/27 06:12:05 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012/10/27 06:06:54 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/10/27 06:06:54 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/10/27 06:06:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/10/27 06:06:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012/10/27 06:06:52 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012/10/27 06:06:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/10/27 06:06:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/10/27 06:06:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/10/27 06:06:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/10/27 06:06:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/10/27 06:06:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/10/27 06:06:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/10/27 06:06:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/10/27 06:06:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/10/27 06:06:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/10/27 06:06:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/10/27 06:06:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2012/10/27 06:06:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2012/10/27 06:06:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/10/27 06:06:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/10/27 06:06:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/10/27 06:06:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/10/27 06:06:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/10/27 06:06:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/10/27 06:06:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/10/27 06:06:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/10/27 06:06:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/10/27 06:06:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/10/27 06:06:48 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/10/27 06:06:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012/10/27 06:06:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2012/10/27 06:06:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2012/10/27 06:06:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/10/27 06:06:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2012/10/27 06:06:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/10/27 06:06:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/10/27 06:06:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/10/27 06:06:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/10/27 06:06:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/10/27 06:06:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012/10/27 06:06:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012/10/27 06:06:46 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/10/27 06:06:46 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012/10/27 06:06:46 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012/10/27 06:06:46 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012/10/27 06:06:46 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012/10/27 06:06:46 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/10/27 06:06:46 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/10/27 06:06:46 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/10/27 06:06:45 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012/10/27 06:06:45 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012/10/27 06:06:45 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012/10/27 06:06:45 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012/10/27 06:06:45 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012/10/27 06:06:45 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012/10/27 06:06:45 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012/10/27 06:06:45 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/10/27 06:06:44 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012/10/27 06:06:44 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/10/27 06:06:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012/10/27 06:06:44 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/10/27 06:06:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012/10/27 06:06:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012/10/27 06:06:44 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/10/27 06:06:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012/10/27 06:06:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012/10/27 06:06:43 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012/10/27 06:06:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012/10/27 06:06:39 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/10/27 06:06:33 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/10/27 06:06:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/10/27 06:06:30 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/10/27 06:06:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/10/27 06:06:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/10/27 06:06:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/10/27 06:06:29 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/10/27 06:06:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/10/27 06:06:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/10/27 06:06:28 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/10/27 06:06:28 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/10/27 06:06:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/10/27 06:06:28 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/10/27 06:06:28 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/10/27 06:06:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2012/10/27 06:06:27 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/10/27 06:06:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012/10/27 06:06:25 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012/10/27 06:06:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/10/27 06:06:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012/10/27 06:06:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012/10/27 06:06:24 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012/10/27 06:06:23 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/10/27 06:06:23 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/10/27 06:06:23 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/10/27 06:06:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/10/27 06:06:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/10/27 06:06:22 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/10/27 06:06:22 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/10/27 06:06:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/10/27 06:06:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/10/27 06:06:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/10/27 06:06:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/10/27 06:06:21 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2012/10/27 06:06:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012/10/27 06:06:21 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/10/27 06:06:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/10/27 06:06:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/10/27 06:06:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012/10/27 06:06:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012/10/27 06:06:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012/10/27 06:06:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012/10/27 06:06:19 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2012/10/27 06:06:19 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/10/27 06:06:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2012/10/27 06:06:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2012/10/27 06:06:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2012/10/27 06:06:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012/10/27 06:06:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2012/10/27 06:06:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012/10/27 06:06:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012/10/27 06:06:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012/10/27 06:06:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/10/27 06:06:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012/10/27 06:06:16 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2012/10/27 06:06:15 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2012/10/27 06:06:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012/10/27 06:06:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012/10/27 06:06:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012/10/27 06:06:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012/10/27 06:06:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012/10/27 06:06:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012/10/27 06:06:09 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012/10/27 06:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/10/27 06:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/10/27 06:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/10/27 06:05:46 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2012/10/27 06:05:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/10/27 06:05:11 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/10/27 06:05:11 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/10/27 06:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/10/27 06:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/10/27 06:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/10/27 06:04:40 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2012/10/27 06:04:36 | 000,319,551 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2012/10/27 06:04:36 | 000,163,906 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2012/10/27 06:04:36 | 000,110,657 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2012/10/27 06:04:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2012/10/27 06:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/10/27 06:04:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2012/10/27 06:04:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2012/10/27 06:04:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2012/10/27 06:04:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2012/10/27 06:04:21 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2012/10/27 06:04:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2012/10/27 06:04:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2012/10/27 06:04:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2012/10/27 06:04:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2012/10/27 06:04:19 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2012/10/27 06:04:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2012/10/27 06:04:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2012/10/27 06:04:11 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2012/10/27 06:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/10/27 06:04:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/10/27 06:04:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2012/10/27 06:04:10 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2012/10/27 06:04:10 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2012/10/27 06:04:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2012/10/27 06:04:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2012/10/27 06:04:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2012/10/27 06:04:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2012/10/27 06:04:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2012/10/27 06:04:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2012/10/27 06:04:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2012/10/27 06:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/10/27 06:04:06 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2012/10/27 06:04:06 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2012/10/27 06:04:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2012/10/27 06:04:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2012/10/27 06:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/10/27 06:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2012/10/27 06:04:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2012/10/27 06:04:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2012/10/27 06:04:01 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/10/27 06:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/10/27 06:04:00 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2012/10/27 06:04:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2012/10/27 06:04:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2012/10/27 06:04:00 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2012/10/27 06:04:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2012/10/27 06:04:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2012/10/27 06:03:59 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2012/10/27 06:03:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2012/10/27 06:03:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2012/10/27 06:03:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2012/10/27 06:03:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/10/27 06:03:58 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2012/10/27 06:03:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2012/10/27 06:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/10/27 06:03:54 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2012/10/27 06:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/10/27 06:03:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/10/27 06:03:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/10/27 06:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/10/27 06:03:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/10/27 06:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/10/27 06:03:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/10/27 06:03:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/10/27 06:03:18 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/10/27 06:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/10/27 06:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/10/27 06:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/10/27 06:03:05 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2012/10/27 06:03:05 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2012/10/27 06:03:05 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2012/10/27 06:03:05 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2012/10/27 06:03:05 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2012/10/27 06:03:05 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2012/10/27 06:03:04 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2012/10/27 06:03:04 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2012/10/27 06:03:04 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2012/10/27 06:03:04 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2012/10/27 06:03:04 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2012/10/27 06:03:04 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2012/10/27 06:03:04 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2012/10/27 06:03:04 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2012/10/27 06:03:04 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2012/10/27 06:03:04 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2012/10/27 06:03:04 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2012/10/27 06:03:04 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2012/10/27 06:03:03 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2012/10/27 06:03:03 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2012/10/27 06:03:03 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2012/10/27 06:03:03 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2012/10/27 06:03:03 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2012/10/27 06:03:03 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2012/10/27 06:03:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2012/10/27 06:03:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2012/10/27 06:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/10/27 06:02:55 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2012/10/27 06:02:55 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2012/10/27 06:02:54 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2012/10/27 06:02:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2012/10/27 06:02:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2012/10/27 06:02:54 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2012/10/27 06:02:54 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2012/10/27 06:02:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2012/10/27 06:02:54 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2012/10/27 06:02:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2012/10/27 06:02:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2012/10/27 06:02:54 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2012/10/27 06:02:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2012/10/27 06:02:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2012/10/27 06:02:54 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2012/10/27 06:02:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2012/10/27 06:02:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2012/10/27 06:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/10/27 06:02:52 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2012/10/27 06:02:48 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2012/10/27 06:02:47 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2012/10/27 06:02:47 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2012/10/27 06:02:47 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2012/10/27 06:02:47 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2012/10/27 06:02:47 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2012/10/27 06:02:47 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2012/10/27 06:02:46 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2012/10/27 06:02:46 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2012/10/27 06:02:46 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2012/10/27 06:02:46 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2012/10/27 06:02:46 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2012/10/27 06:02:46 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2012/10/27 06:02:46 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2012/10/27 06:02:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2012/10/27 06:02:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2012/10/27 06:02:45 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2012/10/27 06:02:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2012/10/27 06:02:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2012/10/27 06:02:44 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2012/10/27 06:02:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2012/10/27 06:02:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2012/10/27 06:02:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2012/10/27 06:02:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2012/10/27 06:02:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2012/10/27 06:02:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2012/10/27 06:02:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2012/10/27 06:02:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2012/10/27 06:02:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2012/10/27 06:02:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2012/10/27 06:02:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2012/10/27 06:02:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2012/10/27 06:02:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2012/10/27 06:02:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2012/10/27 06:02:44 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2012/10/27 06:02:43 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2012/10/27 06:02:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2012/10/27 06:02:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2012/10/27 06:02:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2012/10/27 06:02:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2012/10/27 06:02:43 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2012/10/27 06:02:43 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2012/10/27 06:02:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2012/10/27 06:02:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2012/10/27 06:02:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2012/10/27 06:02:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2012/10/27 06:02:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2012/10/27 06:02:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2012/10/27 06:02:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2012/10/27 06:02:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2012/10/27 06:02:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2012/10/27 06:02:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2012/10/27 06:02:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2012/10/27 06:02:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2012/10/27 06:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/10/27 06:02:42 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2012/10/27 06:02:42 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2012/10/27 06:02:42 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2012/10/27 06:02:42 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2012/10/27 06:02:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2012/10/27 06:02:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2012/10/27 06:02:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2012/10/27 06:02:41 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2012/10/27 06:02:41 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2012/10/27 06:02:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2012/10/27 06:02:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2012/10/27 06:02:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2012/10/27 06:02:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2012/10/27 06:02:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2012/10/27 06:02:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2012/10/27 06:02:40 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2012/10/27 06:02:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2012/10/27 06:02:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2012/10/27 06:02:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2012/10/27 06:02:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2012/10/27 06:02:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2012/10/27 06:02:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2012/10/27 06:02:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2012/10/27 06:02:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/10/27 06:02:39 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2012/10/27 06:02:39 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2012/10/27 06:02:39 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2012/10/27 06:02:38 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2012/10/27 06:02:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2012/10/27 06:02:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2012/10/27 06:02:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2012/10/27 06:02:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2012/10/27 06:02:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2012/10/27 06:02:33 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2012/10/27 06:02:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2012/10/27 06:02:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2012/10/27 06:02:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2012/10/27 06:02:33 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2012/10/27 06:02:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2012/10/27 06:02:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2012/10/27 06:02:32 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2012/10/27 06:02:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2012/10/27 06:02:31 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2012/10/27 06:02:31 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2012/10/27 06:02:30 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2012/10/27 06:02:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2012/10/27 06:02:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2012/10/27 06:02:30 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2012/10/27 06:01:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/19 04:14:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/19 04:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/19 04:09:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/11/19 04:09:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/11/19 04:07:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/11/18 19:29:41 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-2025429265-725345543-500.job
[2012/11/18 19:29:36 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-2025429265-725345543-500.job
[2012/11/18 19:29:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/17 21:47:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/17 21:23:58 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/17 21:23:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/17 08:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/11/16 00:58:29 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/11 17:08:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/11 11:39:00 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/11/11 01:05:23 | 000,000,174 | ---- | M] () -- C:\WINDOWS\W2W.ini
[2012/11/09 05:03:44 | 000,127,039 | ---- | M] () -- C:\Documents and Settings\Administrator\.ranktracker.properties
[2012/11/09 00:32:59 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/08 15:48:32 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/11/07 05:12:50 | 000,000,564 | ---- | M] () -- C:\WINDOWS\System32\ImgCache.pvi
[2012/11/07 05:12:14 | 000,885,384 | ---- | M] () -- C:\WINDOWS\System32\IMGCACHE.PVD
[2012/11/06 15:01:22 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MARK DIGITAL MEDIA.lnk
[2012/11/04 17:52:32 | 000,384,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 17:52:32 | 000,054,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/01 20:50:47 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012/11/01 20:49:35 | 000,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012/11/01 20:49:34 | 000,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2012/10/30 21:13:44 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012/10/30 20:54:17 | 000,001,038 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012/10/30 06:15:14 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/30 05:09:56 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2012/10/29 22:06:50 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/10/29 20:59:25 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2012/10/29 14:07:18 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/28 23:06:51 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/28 18:08:14 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Shortcut to My 3d Game Studio.lnk
[2012/10/28 01:52:23 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2012/10/28 00:53:22 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/10/28 00:53:16 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/10/28 00:53:16 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/10/28 00:53:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/10/27 22:53:46 | 000,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2012/10/27 21:40:50 | 000,020,333 | ---- | M] () -- C:\WINDOWS\cmaudio.ini
[2012/10/27 19:48:29 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/10/27 16:47:52 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\The Proxomitron.lnk
[2012/10/27 08:21:35 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/27 08:21:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/27 08:21:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/27 08:21:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/27 08:21:34 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/27 08:21:33 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/27 08:21:33 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/27 07:24:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/27 07:12:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/10/27 07:12:20 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/27 07:12:20 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 06:49:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/10/27 06:49:22 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/27 06:43:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/10/27 06:43:08 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2012/10/27 06:40:01 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/10/27 06:40:01 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/10/27 06:22:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/10/27 06:22:00 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/10/27 06:20:56 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/10/27 06:19:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/10/27 06:05:55 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/27 06:05:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/10/27 06:05:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/10/27 06:05:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/10/27 06:05:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/10/27 06:05:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/10/27 06:05:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/10/27 06:05:46 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/27 06:03:36 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/19 04:09:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/11/11 11:39:00 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/11/11 11:38:58 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2012/11/11 11:38:58 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2012/11/11 06:42:13 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WebDwarf.lnk
[2012/11/08 15:48:32 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/11/08 00:11:25 | 000,127,039 | ---- | C] () -- C:\Documents and Settings\Administrator\.ranktracker.properties
[2012/11/07 05:08:37 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\BROWSE.ocx
[2012/11/07 05:08:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2012/11/07 05:08:32 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2012/11/07 05:08:31 | 000,885,384 | ---- | C] () -- C:\WINDOWS\System32\IMGCACHE.PVD
[2012/11/07 05:08:31 | 000,466,949 | R--- | C] () -- C:\WINDOWS\System32\30KSamples.pvi
[2012/11/07 05:08:31 | 000,000,564 | ---- | C] () -- C:\WINDOWS\System32\ImgCache.pvi
[2012/11/06 15:01:22 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to MARK DIGITAL MEDIA.lnk
[2012/11/06 14:29:57 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Accounts.lnk
[2012/11/06 14:28:58 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Invoice.lnk
[2012/10/30 21:13:44 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012/10/30 20:55:22 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/30 20:54:17 | 000,001,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\GameRanger.lnk
[2012/10/30 20:54:17 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012/10/30 06:15:14 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/30 05:09:56 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2012/10/30 04:25:32 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2012/10/30 04:25:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2012/10/29 22:06:50 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/10/29 20:59:25 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2012/10/29 04:25:55 | 000,000,174 | ---- | C] () -- C:\WINDOWS\W2W.ini
[2012/10/28 23:06:51 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/28 18:08:14 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Shortcut to My 3d Game Studio.lnk
[2012/10/28 06:37:29 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/10/28 04:47:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/28 01:52:23 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2012/10/28 00:54:07 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-2025429265-725345543-500.job
[2012/10/28 00:54:06 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-2025429265-725345543-500.job
[2012/10/27 23:55:04 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/10/27 22:22:29 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/10/27 22:22:27 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/10/27 19:48:29 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/10/27 19:08:51 | 000,035,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2012/10/27 19:08:50 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/10/27 19:08:50 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2012/10/27 19:08:50 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2012/10/27 19:08:50 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2012/10/27 19:08:50 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2012/10/27 19:08:48 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/10/27 19:08:48 | 000,006,126 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/10/27 17:51:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2012/10/27 17:02:51 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2012/10/27 16:47:52 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\The Proxomitron.lnk
[2012/10/27 16:40:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/27 07:24:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/27 07:23:56 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/10/27 07:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/10/27 07:12:20 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/27 07:12:20 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/27 07:12:20 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 06:51:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/27 06:51:33 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/10/27 06:51:33 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/10/27 06:51:33 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/10/27 06:51:33 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/10/27 06:51:18 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/10/27 06:51:11 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/10/27 06:51:11 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/10/27 06:51:11 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/10/27 06:51:11 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/10/27 06:51:11 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/10/27 06:51:10 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/10/27 06:50:45 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/27 06:49:24 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/10/27 06:49:02 | 000,000,211 | RHS- | C] () -- C:\boot.ini
[2012/10/27 06:49:00 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/10/27 06:42:43 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2012/10/27 06:42:43 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2012/10/27 06:42:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2012/10/27 06:42:41 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/10/27 06:42:40 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/10/27 06:42:40 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/10/27 06:42:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2012/10/27 06:42:37 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2012/10/27 06:22:07 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/10/27 06:22:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/10/27 06:22:00 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/10/27 06:21:55 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/27 06:21:52 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/10/27 06:21:52 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/10/27 06:20:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/10/27 06:19:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/27 06:06:52 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/10/27 06:06:46 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/10/27 06:06:45 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/10/27 06:06:44 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/10/27 06:06:35 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/10/27 06:06:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/10/27 06:06:23 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/10/27 06:05:55 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/27 06:05:55 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/10/27 06:05:55 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/10/27 06:05:55 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/10/27 06:05:55 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/10/27 06:05:53 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/10/27 06:05:52 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2012/10/27 06:05:52 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/10/27 06:05:52 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/10/27 06:04:55 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/10/27 06:04:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/10/27 06:04:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/10/27 06:04:12 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/10/27 06:03:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/27 06:03:17 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2012/10/27 06:03:17 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/10/27 06:02:49 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/10/27 06:02:49 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/10/27 06:02:49 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/10/27 06:02:49 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/10/27 06:02:49 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/10/27 06:02:48 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/10/27 06:02:48 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/10/27 06:02:48 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/10/27 06:02:48 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/10/27 06:02:48 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/10/27 06:02:48 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/10/27 06:02:44 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/10/27 06:02:44 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/10/27 06:02:42 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/10/27 06:02:30 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

========== ZeroAccess Check ==========

[2012/10/27 19:25:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2004/08/03 23:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2004/08/03 23:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2004/08/03 23:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 19/11/2012 04:11:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.35 Mb Total Physical Memory | 313.98 Mb Available Physical Memory | 30.68% Memory free
4.81 Gb Paging File | 3.96 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.55 Gb Free Space | 55.76% Space Free | Partition Type: NTFS
Drive D: | 37.31 Gb Total Space | 4.02 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 621.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 537.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SKYNET01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-1957994488-2025429265-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"89:TCP" = 89:TCP:*:Enabled:FlexiServer Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"D:\GAMES\Cryptic Studios\Star Trek Online\Live\GameClient.exe" = D:\GAMES\Cryptic Studios\Star Trek Online\Live\GameClient.exe:*:Enabled:GameClient -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\STORAGE\My 3dGameStudio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\MyTemplate.cd\MyTemplate.exe" = D:\STORAGE\My 3dGameStudio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\MyTemplate.cd\MyTemplate.exe:*:Enabled:acknex
"D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\MyTemplate.cd\MyTemplate.exe" = D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\MyTemplate.cd\MyTemplate.exe:*:Enabled:acknex
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\GStudio6\bin\acknex.exe" = C:\Program Files\GStudio6\bin\acknex.exe:*:Enabled:acknex -- (Conitec)
"D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\ontouch.cd\ontouch.exe" = D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\ontouch.cd\ontouch.exe:*:Enabled:acknex
"D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\BIN\ontouch.cd\ontouch.exe" = D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\BIN\ontouch.cd\ontouch.exe:*:Enabled:acknex -- (Conitec)
"D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\wildwestmp\West.exe" = D:\STORAGE\My 3d Game Studio\WORK FOLDER\GAMELABS\Playerlab\MULTIPLAYERLAB\wildwestmp\West.exe:*:Enabled:acknex
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"D:\GAMES\Codemasters\OperationFlashpoint\OperationFlashpoint\FLASHPOINTRESISTANCE.EXE" = D:\GAMES\Codemasters\OperationFlashpoint\OperationFlashpoint\FLASHPOINTRESISTANCE.EXE:*:Enabled:Operation Flashpoint -- ()
"C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"D:\GAMES\Atari\ArmA Demo\ArmADemo.exe" = D:\GAMES\Atari\ArmA Demo\ArmADemo.exe:*:Enabled:ArmA Demo -- (Bohemia Interactive)
"D:\GAMES\Red Storm Entertainment\Ghost Recon\GhostRecon.exe" = D:\GAMES\Red Storm Entertainment\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon -- ()
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe" = C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe:*:Enabled:Express Invoice -- (NCH Software)
"C:\Documents and Settings\Administrator\My Documents\My Downloads\OFPMonitor_v1.6.2.3\OFPMonitor.exe" = C:\Documents and Settings\Administrator\My Documents\My Downloads\OFPMonitor_v1.6.2.3\OFPMonitor.exe:*:Enabled:OFPMonitor.exe -- (by Poweruser)
"D:\GAMES\Codemasters\OperationFlashpoint\OperationFlashpoint\OFPR_Server.exe" = D:\GAMES\Codemasters\OperationFlashpoint\OperationFlashpoint\OFPR_Server.exe:*:Enabled:Operation Flashpoint -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0AEF4677-C1BE-489C-A5BA-85382F8DA38B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E92BEE2-9D81-426D-9B6C-B96B6673C51F}" = Tweet Adder 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.2
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{639E8743-9438-4C91-9123-2AECD247950C}" = ATI Catalyst Control Center
"{6464A86E-AD03-4B25-82E3-29CCCA6702CA}" = 3D GameStudio / A6 Trial
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9BA2A8C7-BFFD-4125-9377-C191C3FF174F}" = AxCrypt 1.7.2867.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2340C67-0F20-4B9C-A3A8-CD8821582E5D}" = WebDwarf V2
"{DE5EB975-946C-4ADF-ABCC-3609BCEBF978}" = AVG 2013
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"ArmA Demo" = ArmA Demo Uninstall
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressAccounts" = Express Accounts
"ExpressInvoice" = Express Invoice
"FileZilla Client" = FileZilla Client 3.6.0
"Flashpoint" = Flashpoint uninstall
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"GameSpy Arcade" = GameSpy Arcade
"greenstreet Picture Browser" = greenstreet Picture Browser
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"RealPlayer 15.0" = RealPlayer
"seopowersuite" = Rank Tracker
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Proxomitron - Universal Web Filter_is1" = The Proxomitron Ver. Naoko-4.5
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 2.0.4
"Web Album Generator_is1" = Web Album Generator 1.8.2
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-2025429265-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/11/2012 00:00:28 | Computer Name = SKYNET01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 08/11/2012 20:33:21 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application MachineIdCreator.exe, version 10.2.0.2, faulting
module avguidx.dll, version 2012.0.0.1, fault address 0x00028ecd.

Error - 08/11/2012 22:38:55 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application dreamweaver.exe, version 7.0.2052.0, faulting
module dreamweaver.exe, version 7.0.2052.0, fault address 0x0019ad67.

Error - 10/11/2012 13:26:44 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application flashpointresistance.exe, version 1.0.0.96, faulting
module flashpointresistance.exe, version 1.0.0.96, fault address 0x0020a591.

Error - 11/11/2012 23:08:29 | Computer Name = SKYNET01 | Source = MsiInstaller | ID = 10005
Description = Product: Google Sitemap Generator (Beta) -- Please install Internet
Information Service 5.0 or higher.

Error - 15/11/2012 14:17:13 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application flashpointresistance.exe, version 1.0.0.96, faulting
module flashpointresistance.exe, version 1.0.0.96, fault address 0x000b905d.

Error - 16/11/2012 02:39:57 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shdocvw.dll, version 6.0.2900.2180, fault address 0x000249cc.

Error - 17/11/2012 03:07:52 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application Setup.exe, version 0.0.0.0, faulting module Setup.exe,
version 0.0.0.0, fault address 0x0000661c.

Error - 17/11/2012 03:13:18 | Computer Name = SKYNET01 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 17/11/2012 20:23:13 | Computer Name = SKYNET01 | Source = Application Error | ID = 1000
Description = Faulting application mb_warband.exe, version 1.0.0.0, faulting module
mb_warband.exe, version 1.0.0.0, fault address 0x0006fc86.

[ OSession Events ]
Error - 28/10/2012 19:02:55 | Computer Name = SKYNET01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1706
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08/11/2012 08:35:43 | Computer Name = SKYNET01 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 08/11/2012 08:35:43 | Computer Name = SKYNET01 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 08/11/2012 14:19:38 | Computer Name = SKYNET01 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to
connect.

Error - 08/11/2012 14:19:38 | Computer Name = SKYNET01 | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%1053

Error - 08/11/2012 16:32:18 | Computer Name = SKYNET01 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 08/11/2012 16:32:18 | Computer Name = SKYNET01 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 08/11/2012 16:32:18 | Computer Name = SKYNET01 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 08/11/2012 16:32:30 | Computer Name = SKYNET01 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 08/11/2012 16:32:30 | Computer Name = SKYNET01 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 08/11/2012 18:37:30 | Computer Name = SKYNET01 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

< End of report >

5.) As I stated in my original post the Malwarebytes Anti-Malware seems to have done the trick. As the symptom of my AVG alerting me to the virus activating has now gone. It was just researching this I realised that I really didnt know using my methods, if my system was really clear

Edited by MDMedia, 18 November 2012 - 10:27 PM.

#4
SweetTech

Posted 19 November 2012 - 06:36 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi MDMedia

1.) Could you give me some details as to what these programs do & the information your looking for?
I will try. Please note: some of the tools that we may use are safely guarded to protect the tool from malware writers.

In those cases I'll give you a general idea of what these tools do.

----

aswMBR.exe is a rootkit scanner that scans for specific types of infections (TDL4/3, Whistler, MBRoot (Sinowal), and other rootkits)

OTL is a utility which enables me to see a variety of locations where malware typically hides.

Please run this fix below.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
O3 - HKU\S-1-5-21-1957994488-2025429265-725345543-500\..\Toolbar\ShellBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-2025429265-725345543-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
:Reg

:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
MDMedia

Posted 19 November 2012 - 10:00 PM

New Member

Topic Starter
Member
5 posts

OTL LOG:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1957994488-2025429265-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-2025429265-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 63873505 bytes
->Temporary Internet Files folder emptied: 15839908 bytes
->FireFox cache emptied: 438732459 bytes
->Flash cache emptied: 34392 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119049 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19419124 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 61090 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 514.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11202012_033603

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{35AD38F2-A5E6-4A04-9292-0498AE18412E}.tmp moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{79AE3ADF-5558-4799-B1E1-13BC9B2A9F86}.tmp moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{983AA462-5C5D-401D-9441-C551BE75E7E1}.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{F08ABB67-46AD-4264-9A77-50AF3F457DB5}.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso9B.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

COMBOFIX LOG:
ComboFix 12-11-19.03 - Administrator 20/11/2012 3:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.422 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cc805371483504ba.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\win.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 03:36 . 2012-11-20 03:36 -------- d-----w- C:\_OTL
2012-10-28 22:16 . 2012-10-28 22:16 -------- d-----r- C:\MSOCache
2012-10-27 07:16 . 2012-10-27 07:16 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 16:27 . 2001-08-23 12:00 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-10-27 21:40 . 2012-10-27 17:02 712704 ----a-w- c:\windows\inf\OTHER\AUDIO3D.DLL
2012-10-22 13:02 . 2012-09-13 02:11 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 03:48 . 2012-09-21 02:45 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 03:32 . 2012-10-05 02:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-04 11:51 . 2012-09-04 11:51 62864 ----a-w- c:\windows\system32\BSelList.dll
2012-09-04 11:50 . 2012-09-04 11:50 17296 ----a-w- c:\windows\system32\Baspi32i.exe
2012-09-04 11:50 . 2012-09-04 11:50 218512 ----a-w- c:\windows\system32\BACSCPL.cpl
2012-10-30 20:42 . 2012-10-30 20:42 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 00:32 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-27 856160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-28 296096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-10-29 576000]
The Proxomitron.lnk - c:\program files\Proxomitron Naoko-4\Proxomitron.exe [2003-6-1 295424]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-11-11 113664]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"d:\\GAMES\\Cryptic Studios\\Star Trek Online\\Live\\GameClient.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\GStudio6\\bin\\acknex.exe"=
"d:\\STORAGE\\My 3d Game Studio\\WORK FOLDER\\GAMELABS\\Playerlab\\MULTIPLAYERLAB\\BIN\\ontouch.cd\\ontouch.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\GAMES\\Codemasters\\OperationFlashpoint\\OperationFlashpoint\\FLASHPOINTRESISTANCE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"d:\\GAMES\\Atari\\ArmA Demo\\ArmADemo.exe"=
"d:\\GAMES\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\NCH Software\\ExpressInvoice\\expressinvoice.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\My Downloads\\OFPMonitor_v1.6.2.3\\OFPMonitor.exe"=
"d:\\GAMES\\Codemasters\\OperationFlashpoint\\OperationFlashpoint\\OFPR_Server.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"89:TCP"= 89:TCP:FlexiServer Web Server
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [21/09/2012 02:45 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 02:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 02:05 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13/09/2012 02:11 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 02:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 02:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 02:46 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [27/10/2012 07:17 26984]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13:05 196664]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 17:30 154624]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [09/11/2012 00:34 711112]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [06/11/2012 19:00 5814392]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27/10/2012 23:55 1691480]
S3 ExpressAccountsService;Express Accounts;c:\program files\NCH Software\ExpressAccounts\expressaccounts.exe [06/11/2012 14:29 3051632]
S3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [06/11/2012 14:28 1984516]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [30/10/2012 19:28 14424]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 21:23]
.
2012-11-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-2025429265-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-2025429265-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B3ea5e823-9050-47c2-a89f-f293f337e896%7D&mid=&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-10-27%2008%3A17%3A29&sap=ku&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-27 08:17; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: 2012-10-28 01:53; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-10-28 20:05; {6614d11d-d21d-b211-ae23-815234e1ebb5}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
FF - ExtSQL: 2012-10-29 00:41; [email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\[email protected]
FF - ExtSQL: 2012-11-14 19:03; [email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\[email protected]
FF - ExtSQL: 2012-11-14 22:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h8cpteql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-20 03:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-11-20 03:54:33
ComboFix-quarantined-files.txt 2012-11-20 03:54
.
Pre-Run: 44,752,961,536 bytes free
Post-Run: 44,704,636,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A82CE3D26D8E6D431260EDB508F92B31

#6
MDMedia

Posted 19 November 2012 - 10:06 PM

New Member

Topic Starter
Member
5 posts

I have had 2 blue screen crashes over the last week. I dont usually have them. But other than that she (my machine) seems to be fine. In fact after I ran Combofix, if anything she seemed a little faster?!

Have you seen anything of concern?

Regards
Ant

Edited by MDMedia, 19 November 2012 - 10:07 PM.

#7
SweetTech

Posted 20 November 2012 - 06:44 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

I see a one thing that maybe cause for concern.

Did you open up this port?

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"89:TCP"= 89:TCP:FlexiServer Web Server

Please do these scans below:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#8
MDMedia

Posted 23 November 2012 - 08:03 PM

New Member

Topic Starter
Member
5 posts

Hi sorry for the delay

I just got swamped. That port was opened by some accounting software I was trying out, I didnt remember it was still there.

1.) Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: SKYNET01 [administrator]

17/11/2012 18:24:49
mbam-log-2012-11-17 (18-24-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187212
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

2.) I had a problem with ESET Online Scanner I didnt anticipate it would take so long and had to stop the process at 20%.
Please advise

#9
SweetTech

Posted 25 November 2012 - 01:39 PM

Sir SpamAlot

Retired Staff
7,671 posts

No worries, I know how real life can be.

Thanks for that information regarding that open port.

2.) I had a problem with ESET Online Scanner I didnt anticipate it would take so long and had to stop the process at 20%.

Do you happen to recall about how long it took to get to 20% completion?

If we can I'd really like to get ESET Online Scanner to run completely so that we can see if anything is hiding.

-ST.