PC infected by Win32.Vitro?



#1
Nimation

Hi, it's been quite a while since I figured that every executable file on my PC stopped working occasionally, and also Windows Explorer never boots up, and whenever I scanned the PC with an antivirus (AVG particularly) it would screw up the whole system, removing all system files, and I had to reinstall the OS again. So I always have to do the Alt+Ctrl+Del thingy to bring up Explorer.exe, and I always keep a copy of any executable file in a rar file just in case they stop working, and never use any antivirus. It's really annoying. I didn't know what it could be at first, so I started searching about it on the internet and found out about this Win32.Vitro trojan. They say the only way to get rid of it is to back up your data and format and wipe your drive. Anyway, I've got a couple of questions:

1. Is there really no other way than formatting your hard drive to get rid of the virus? If there is, please tell.

2. How can I be sure that this is Win32.Vitro specifically and not some other virus? Anything to identify it with?
I mean, my computer was infected by the lpk.dll virus in the past, which destroys exe files also.

3. Does every single executable file get infected? Because if I am to back up my files, there is certainly a lot of software and many desktop games I would miss. How can I tell whether a file is infected or not (without antivirus)?

Thanks in advance... and sorry for my poor English.


#2
RKinner

Malware Expert
If you have an infected file you can submit it to virustotal.com and get a report on it from about 42 different anti-virus companies.
That should tell you which virus you have (though you usually get several different names, as they can seldom all agree on a name). Also, you can do a free online ESET scan and tell them not to remove the files but just to report.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).
1. Uncheck Remove Found Threats
2. Check Scan Archives
3. Push the Start button.
4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
5. When the scan completes, push LIST OF THREATS FOUND
6. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
7. Push the BACK button.
8. Push Finish
9. Once the scan is completed, you may close the window.
10. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
11. Copy and paste that log as a reply.


You might want to let us look at your OTL logs. It might not be as bad as AVG thinks.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
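
On question 3 of the first post (telling whether a file has been changed without an antivirus), one approach is to hash each executable and compare it with a known-clean copy, which is the kind of evidence the /md5start ... /md5stop list in the script above collects for core system files. The Python below is an added example, not part of the original posts or of OTL. It assumes the "clean" tree comes from trusted install media or a backup made before the infection; the directory layout, file names and file contents in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# File types worth checking when a file infector is suspected.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}


def file_digest(path, algo="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map lower-cased relative path -> (size, digest) for executables under root.

    Keys are lower-cased because Windows paths are case-insensitive, so
    System32\\SVCHOST.EXE and system32\\svchost.exe must compare as one file.
    """
    root = Path(root)
    result = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            key = path.relative_to(root).as_posix().lower()
            result[key] = (path.stat().st_size, file_digest(path))
    return result


def compare(clean, suspect):
    """Classify every file of the clean snapshot against the suspect snapshot."""
    report = {"unchanged": [], "modified": [], "missing": [], "extra": []}
    for key, (size, digest) in sorted(clean.items()):
        if key not in suspect:
            report["missing"].append(key)
        elif suspect[key][1] == digest:
            report["unchanged"].append(key)
        else:
            # Size delta is informational: how much the file grew or shrank.
            report["modified"].append((key, suspect[key][0] - size))
    # Executables present on the suspect side with no clean counterpart.
    report["extra"] = sorted(set(suspect) - set(clean))
    return report


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        (clean / "system32").mkdir(parents=True)
        (suspect / "System32").mkdir(parents=True)
        body = b"MZ" + bytes(62) + b"constructed sample body"
        (clean / "explorer.exe").write_bytes(body)
        (suspect / "explorer.exe").write_bytes(body + b"X" * 32)  # altered copy
        (clean / "system32" / "svchost.exe").write_bytes(body)
        (suspect / "System32" / "SVCHOST.EXE").write_bytes(body)
        (clean / "system32" / "user32.dll").write_bytes(body)
        (suspect / "System32" / "unknown.exe").write_bytes(b"not in baseline")
        (suspect / "notes.txt").write_text("ignored: not an executable type")
        return compare(snapshot(clean), snapshot(suspect))


if __name__ == "__main__":
    for category, entries in demo().items():
        print(category, entries)
```

A changed hash only shows that a file differs from the reference; a legitimate update changes it too, and the mismatch does not name the malware family. Files reported as modified or extra are the candidates to submit to a multi-engine scanner.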

#3
Nimation

^^ Thanks for the reply. I can't open any of the sites you mentioned. Maybe it's just that they are blocked in my country or something. But I hope these OTL logs are enough: (is it supposed to be this long?)

Extras
OTL Extras logfile created on: 2013/07/30 06:59:58 ق.ظ - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000429 | Country: Iran | Language: FAR | Date Format: yyyy/MM/dd
 
2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 75.80% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.47 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 8.87 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive E: | 98.64 Gb Total Space | 5.57 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive F: | 98.64 Gb Total Space | 27.48 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
Drive G: | 98.64 Gb Total Space | 9.66 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive H: | 101.48 Gb Total Space | 0.85 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
 
Computer Name: ARYANCD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (All) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Create THM from folder...] -- C:\PROGRA~1\PS3TOO~1\ps3tools\tools\mmTM_GUI.exe "%1" --out "%1" (www.aldostools.org)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hash folder...] -- C:\PROGRA~1\PS3TOO~1\ps3tools\tools\PS3_GA~1.exe  "%1" (http://www.aldostools.org)
Directory [Make PKG...] -- C:\PROGRA~1\PS3TOO~1\ps3tools\tools\PKG_CO~1.exe  "%1" (aldostools.org)
Directory [Split folder...] -- C:\PROGRA~1\PS3TOO~1\ps3tools\tools\PS3_FI~1.EXE  "%1" (http://www.aldostools.org)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"\??\C:\WINDOWS\system32\winlogon.exe" = \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe" = C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService
"C:\Documents and Settings\Administrator\Desktop\explorer.exe" = C:\Documents and Settings\Administrator\Desktop\explorer.exe:*:Disabled:Windows Explorer
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Service Pack 1 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3332FCA-3B51-4053-8C2D-9F7ACFE6065A}" = Wocarson Windows Genuine Advantage Validation v1.9.9.1 Cracked V2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 Service Pack 1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft Web Services Enhancements 2.0 SP3
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bandwidth Monitor" = Bandwidth Monitor 3.4 build 749
"CDisplay_is1" = CDisplay 1.8
"ExpatShield" = Expat Shield 2.25
"Internet Download Manager" = Internet Download Manager
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Service Pack 1" = Microsoft .NET Framework 3.5 Service Pack 1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NPDRM GUI Tools" = NPDRM GUI Tools
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Orbit_is1" = Orbit Downloader
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"Spyware Cease 2011_is1" = Spyware Cease v7.1
"The KMPlayer" = The KMPlayer (remove only)
"UltraISO_is1" = UltraISO Premium V9.53
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XpsEP" = XPS Essentials Pack 1.0
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013/07/27 07:33:37 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 2013/07/27 07:33:39 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 2013/07/27 07:33:39 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 2013/07/27 07:33:39 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 2013/07/27 07:35:07 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 2013/07/27 07:35:07 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 2013/07/27 07:35:18 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 2013/07/27 07:35:36 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 2013/07/27 07:35:55 ق.ظ | Computer Name = ARYANCD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 2013/07/27 08:49:45 ق.ظ | Computer Name = ARYANCD | Source = Application Error | ID = 1000
Description = Faulting application bwmonitor.exe, version 3.4.0.749, faulting module
 bwmonitor.exe, version 3.4.0.749, fault address 0x00014765.
 
[ System Events ]
Error - 2013/07/23 06:53:49 ق.ظ | Computer Name = ARYANCD | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
 with DCOM within the required timeout.
 
Error - 2013/07/23 06:56:19 ق.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.72.30 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.111.254 (The DHCP
 Server sent a DHCPNACK message).
 
Error - 2013/07/23 07:57:59 ق.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.104.99 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.15.254 (The DHCP 
Server sent a DHCPNACK message).
 
Error - 2013/07/23 08:59:29 ق.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.8.49 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.71.254 (The DHCP 
Server sent a DHCPNACK message).
 
Error - 2013/07/23 10:02:49 ق.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.64.58 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.119.254 (The DHCP
 Server sent a DHCPNACK message).
 
Error - 2013/07/23 10:22:04 ق.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.112.84 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.103.254 (The DHCP
 Server sent a DHCPNACK message).
 
Error - 2013/07/23 11:23:44 ق.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.96.76 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.71.254 (The DHCP 
Server sent a DHCPNACK message).
 
Error - 2013/07/23 12:36:34 ب.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 10.254.64.7 for the Network Card with network
 address 00FF63116FA5 has been  denied by the DHCP server 10.254.55.254 (The DHCP 
Server sent a DHCPNACK message).
 
Error - 2013/07/23 12:39:13 ب.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
 address 001A92E6BA42 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 2013/07/23 12:45:19 ب.ظ | Computer Name = ARYANCD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
 address 001A92E6BA42 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >

OTL logfile created on: 2013/07/30 06:59:58 ق.ظ - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000429 | Country: Iran | Language: FAR | Date Format: yyyy/MM/dd
 
2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 75.80% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.47 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 8.87 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive E: | 98.64 Gb Total Space | 5.57 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive F: | 98.64 Gb Total Space | 27.48 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
Drive G: | 98.64 Gb Total Space | 9.66 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive H: | 101.48 Gb Total Space | 0.85 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
 
Computer Name: ARYANCD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/07/30 06:52:47 | 000,628,736 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL_3.exe
PRC - [2013/07/14 02:57:02 | 000,339,416 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/02 12:10:54 | 000,681,436 | ---- | M] (orbitdownloader.com) -- C:\Program Files\Orbitdownloader\Grab.exe
PRC - [2013/05/02 12:06:58 | 000,763,350 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2012/12/12 18:14:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/01/18 01:50:26 | 000,653,640 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpntray.exe
PRC - [2012/01/18 01:45:44 | 000,331,608 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpnas.exe
PRC - [2012/01/05 03:32:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
PRC - [2012/01/05 03:31:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
PRC - [2010/02/28 00:32:06 | 000,443,356 | ---- | M] (BWMONITOR.COM) -- C:\Program Files\BandwidthMonitor\BWMonitor.exe
PRC - [2008/04/14 16:30:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,447,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/07/29 20:57:59 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vra6.tmp
MOD - [2013/07/29 20:57:59 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vra5.tmp
MOD - [2013/07/29 20:57:59 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vra3.tmp
MOD - [2013/07/29 20:57:48 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\rna1.tmp
MOD - [2013/07/21 23:41:31 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\cxc1AA.tmp
MOD - [2012/01/18 01:51:26 | 000,009,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\lang\gui-eng.dll
MOD - [2012/01/18 01:50:26 | 000,653,640 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpntray.exe
MOD - [2012/01/18 01:45:44 | 000,331,608 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpnas.exe
MOD - [2012/01/05 03:32:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
MOD - [2009/11/18 23:51:46 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009/03/30 07:04:30 | 000,280,143 | ---- | M] () -- C:\Program Files\Expat Shield\bin\libidn-11.dll
MOD - [2009/03/28 00:32:24 | 000,332,254 | ---- | M] () -- C:\Program Files\Expat Shield\bin\libssl32.dll
MOD - [2009/03/28 00:32:22 | 001,554,920 | ---- | M] () -- C:\Program Files\Expat Shield\bin\libeay32.dll
MOD - [2009/02/12 02:00:02 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\yygeym.exe -- (ncbxcoksfz)
SRV - [2013/07/14 02:57:02 | 000,339,416 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/18 18:51:21 | 000,294,872 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 01:52:02 | 000,255,452 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
SRV - [2012/01/18 01:45:44 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012/01/05 03:32:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/05 03:31:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2005/04/27 14:59:24 | 000,447,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/06/27 14:27:42 | 000,118,344 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2012/01/05 03:31:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/14 01:16:38 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006/08/14 02:39:00 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004/08/13 07:26:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2013/07/21 19:24:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2013/07/21 19:24:20 | 000,000,000 | ---D | M]
 
[2013/07/14 02:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/07/28 03:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9iw30a3g.default\extensions
[2013/07/14 03:13:37 | 000,350,663 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9iw30a3g.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/28 03:46:18 | 000,824,431 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9iw30a3g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/17 16:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/17 16:05:46 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/14 02:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/14 02:42:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/21 19:24:20 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\IDM\IDMMZCC5
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - Extension: saaFe  saave = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmofclbgcldhlneeekegkmandcnjhcig\1\
 
O1 HOSTS File: ([2013/07/29 20:57:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [SCHelper.exe] C:\Program Files\Spyware Cease 2011\SCHelper.exe (QW Computer)
O4 - HKLM..\Run: [SpywareCease2011.exe] C:\Program Files\Spyware Cease 2011\SpywareCease2011.exe (QW Computer)
O4 - HKCU..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F06DD4D-DCA9-430B-924D-9A1D2A454F6E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/14 01:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {83ACCF02-DFA1-4555-AAF2-529EC15ACE27} - Microsoft .NET Framework 1.1 Hotfix (KB947742)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
System Restore Service not available.
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/07/30 05:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease 2011
[2013/07/30 05:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Cease 2011
[2013/07/27 16:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PS3 Tools
[2013/07/27 16:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\NPDRM GUI Tools
[2013/07/26 21:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Halfbrick
[2013/07/26 21:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Intel
[2013/07/26 21:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Fruit Ninja HD
[2013/07/26 21:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fruit Ninja HD
[2013/07/25 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Stella
[2013/07/24 18:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\ps3tools
[2013/07/22 16:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.vfsjfilechooser
[2013/07/21 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2013/07/20 21:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Cool Reader
[2013/07/20 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\cr3
[2013/07/17 16:06:20 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2013/07/17 16:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Expat Shield
[2013/07/17 16:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2013/07/17 08:11:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/07/17 08:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/07/17 08:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/07/16 11:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MAMEUIFX32
[2013/07/16 09:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2013/07/16 03:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Tools
[2013/07/14 13:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ps3psarc
[2013/07/14 06:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/14 06:04:39 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2013/07/14 06:04:39 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2013/07/14 06:04:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2013/07/14 06:04:38 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2013/07/14 06:02:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2013/07/14 06:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/14 05:59:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/07/14 05:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/07/14 05:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2013/07/14 05:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2013/07/14 05:59:17 | 000,000,000 | R--D | C] -- C:\Program Files
[2013/07/14 05:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/07/14 05:59:13 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2013/07/14 05:59:12 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgeo.dll
[2013/07/14 05:59:12 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdarmw.dll
[2013/07/14 05:59:12 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdarme.dll
[2013/07/14 05:59:10 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinpun.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdintel.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmar.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinkan.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinhin.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinguj.dll
[2013/07/14 05:59:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2013/07/14 05:59:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdvntc.dll
[2013/07/14 05:59:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdintam.dll
[2013/07/14 05:59:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdindev.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdurdu.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsyr2.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsyr1.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfa.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddiv2.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddiv1.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda3.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda2.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda1.dll
[2013/07/14 05:59:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2013/07/14 05:58:58 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdheb.dll
[2013/07/14 05:58:48 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth3.dll
[2013/07/14 05:58:47 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth2.dll
[2013/07/14 05:58:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2013/07/14 05:58:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth1.dll
[2013/07/14 05:58:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth0.dll
[2013/07/14 05:58:42 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2013/07/14 05:58:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2013/07/14 05:58:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2013/07/14 05:58:34 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2013/07/14 05:58:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2013/07/14 05:58:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2013/07/14 05:58:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2013/07/14 05:58:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2013/07/14 05:58:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2013/07/14 05:58:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2013/07/14 05:58:32 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2013/07/14 05:58:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2013/07/14 05:58:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2013/07/14 05:58:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2013/07/14 05:58:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2013/07/14 05:58:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2013/07/14 05:58:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2013/07/14 05:58:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2013/07/14 05:58:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2013/07/14 05:58:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2013/07/14 05:58:28 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2013/07/14 05:58:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2013/07/14 05:58:18 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2013/07/14 05:58:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2013/07/14 05:58:17 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2013/07/14 05:58:17 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2013/07/14 05:58:17 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2013/07/14 05:58:17 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2013/07/14 05:58:16 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2013/07/14 05:58:16 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2013/07/14 05:58:16 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2013/07/14 05:58:16 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2013/07/14 05:58:16 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2013/07/14 05:58:16 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2013/07/14 05:58:15 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2013/07/14 05:58:15 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2013/07/14 05:58:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2013/07/14 05:58:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2013/07/14 05:58:15 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2013/07/14 05:58:15 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2013/07/14 05:58:14 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2013/07/14 05:58:14 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2013/07/14 05:58:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2013/07/14 05:58:14 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2013/07/14 05:58:14 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2013/07/14 05:58:14 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2013/07/14 05:58:13 | 000,220,124 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2013/07/14 05:58:13 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2013/07/14 05:58:13 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2013/07/14 05:58:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2013/07/14 05:58:12 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2013/07/14 05:58:12 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2013/07/14 05:58:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2013/07/14 05:57:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/07/14 05:57:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2013/07/14 05:57:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2013/07/14 05:57:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2013/07/14 05:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2013/07/14 05:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2013/07/14 05:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/07/14 05:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2013/07/14 05:55:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013/07/14 05:55:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/07/14 05:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2013/07/14 05:52:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/14 05:42:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2013/07/14 05:42:35 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2013/07/14 05:42:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2013/07/14 05:42:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2013/07/14 04:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Warlords Battlecry III
[2013/07/14 04:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2013/07/14 04:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LDW
[2013/07/14 04:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Deer Drive
[2013/07/14 04:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Farmington Tales
[2013/07/14 04:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ViquaSoft
[2013/07/14 04:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\URSE Games
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ManifestoGames
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GameHouse
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EA
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Chicken Chase
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AlawarEntertainment
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\1morebee
[2013/07/14 04:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
[2013/07/14 04:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\PlayfulAge
[2013/07/14 04:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2013/07/14 04:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/07/14 04:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OrganicCoffee
[2013/07/14 04:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2013/07/14 04:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2013/07/14 03:56:17 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01005.dll
[2013/07/14 03:56:17 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01005.dll
[2013/07/14 03:56:17 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdm.sys
[2013/07/14 03:56:17 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2013/07/14 03:56:17 | 000,114,280 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadserd.sys
[2013/07/14 03:56:17 | 000,030,312 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\ssadadb.sys
[2013/07/14 03:56:17 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys
[2013/07/14 03:56:17 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcmnt.sys
[2013/07/14 03:56:17 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcm.sys
[2013/07/14 03:56:17 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2013/07/14 03:56:17 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys
[2013/07/14 03:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/07/14 03:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\saaFe  saave
[2013/07/14 03:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/07/14 03:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/07/14 03:26:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/14 03:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2013/07/14 03:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BWMonitor
[2013/07/14 02:58:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013/07/14 02:58:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013/07/14 02:58:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013/07/14 02:58:50 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013/07/14 02:58:50 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013/07/14 02:58:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013/07/14 02:58:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2013/07/14 02:58:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2013/07/14 02:58:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013/07/14 02:58:49 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2013/07/14 02:58:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2013/07/14 02:58:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2013/07/14 02:58:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2013/07/14 02:58:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2013/07/14 02:58:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2013/07/14 02:58:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2013/07/14 02:58:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2013/07/14 02:58:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2013/07/14 02:58:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2013/07/14 02:58:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2013/07/14 02:58:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2013/07/14 02:58:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2013/07/14 02:58:45 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2013/07/14 02:58:45 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2013/07/14 02:58:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2013/07/14 02:58:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2013/07/14 02:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2013/07/14 02:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2013/07/14 02:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/07/14 02:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/14 02:57:19 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/14 02:57:19 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/14 02:57:19 | 000,424,414 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/14 02:57:19 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/14 02:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\BandwidthMonitor
[2013/07/14 02:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bandwidth Monitor
[2013/07/14 02:57:08 | 000,351,706 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/14 02:57:08 | 000,351,704 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/14 02:57:08 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/14 02:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraISO
[2013/07/14 02:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2013/07/14 02:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ISO Files
[2013/07/14 02:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/07/14 02:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2013/07/14 02:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager
[2013/07/14 02:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2013/07/14 02:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2013/07/14 02:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2013/07/14 02:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2013/07/14 02:48:58 | 000,000,000 | ---D | C] -- C:\downloads
[2013/07/14 02:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2013/07/14 02:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2013/07/14 02:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2013/07/14 02:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/07/14 02:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/07/14 02:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/07/14 02:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/07/14 02:43:37 | 000,869,850 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/14 02:43:37 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/14 02:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/07/14 02:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/07/14 02:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/14 02:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/14 02:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/14 02:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PANDORATV
[2013/07/14 02:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\The KMPlayer
[2013/07/14 02:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2013/07/14 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/07/14 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2013/07/14 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2013/07/14 02:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/07/14 02:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Wocarson
[2013/07/14 02:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Mini Games
[2013/07/14 02:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/07/14 02:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2013/07/14 02:32:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/07/14 02:31:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/07/14 02:31:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2013/07/14 02:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Realtek
[2013/07/14 02:29:31 | 000,083,200 | R--- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2013/07/14 02:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/07/14 02:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2013/07/14 02:29:22 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/07/14 02:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/07/14 02:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/07/14 02:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/07/14 02:23:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2013/07/14 02:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/14 02:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/07/14 02:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/07/14 02:21:29 | 013,602,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/07/14 02:21:29 | 011,374,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/07/14 02:21:29 | 004,038,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/07/14 02:21:29 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/07/14 02:21:29 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/07/14 02:21:29 | 001,056,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/07/14 02:21:29 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2013/07/14 02:21:29 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2013/07/14 02:21:29 | 000,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/07/14 02:21:21 | 006,282,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013/07/14 02:21:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/07/14 02:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/07/14 02:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/07/14 02:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/07/14 02:16:04 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/07/14 02:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/07/14 02:15:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/07/14 02:15:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/07/14 02:15:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/07/14 02:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2013/07/14 02:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/07/14 02:15:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/07/14 02:15:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/07/14 02:15:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/07/14 02:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\GSpot
[2013/07/14 02:13:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2013/07/14 02:13:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2013/07/14 02:10:00 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2013/07/14 02:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2013/07/14 02:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Utilities
[2013/07/14 02:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2013/07/14 02:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/07/14 02:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/07/14 02:05:58 | 000,339,922 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmanhttpconfig.exe
[2013/07/14 02:05:58 | 000,242,138 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrs.exe
[2013/07/14 02:05:58 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmres.dll
[2013/07/14 02:05:58 | 000,223,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrshost.exe
[2013/07/14 02:05:58 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrsmgr.dll
[2013/07/14 02:05:58 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmwmipl.dll
[2013/07/14 02:05:58 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrscmd.dll
[2013/07/14 02:05:58 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmauto.dll
[2013/07/14 02:05:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wevtfwd.dll
[2013/07/14 02:05:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmprov.dll
[2013/07/14 02:05:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrssrv.dll
[2013/07/14 02:05:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmcl.dll
[2013/07/14 02:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal Viewer
[2013/07/14 02:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2013/07/14 02:05:35 | 001,379,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013/07/14 02:05:21 | 001,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2013/07/14 01:59:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2013/07/14 01:59:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2013/07/14 01:59:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/07/14 01:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/07/14 01:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/07/14 01:59:14 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/07/14 01:59:10 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/07/14 01:59:09 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013/07/14 01:59:09 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013/07/14 01:59:09 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/07/14 01:59:06 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013/07/14 01:59:03 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/07/14 01:57:49 | 000,222,678 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qchain.exe
[2013/07/14 01:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\GSpot
[2013/07/14 01:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2013/07/14 01:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime Alternative
[2013/07/14 01:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/07/14 01:54:43 | 000,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013/07/14 01:54:43 | 000,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2013/07/14 01:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013/07/14 01:54:22 | 000,410,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2013/07/14 01:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/14 01:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/07/14 01:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/07/14 01:53:02 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2013/07/14 01:53:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2013/07/14 01:53:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2013/07/14 01:53:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2013/07/14 01:53:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_9.dll
[2013/07/14 01:53:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_8.dll
[2013/07/14 01:53:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_2.dll
[2013/07/14 01:53:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_1.dll
[2013/07/14 01:53:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_0.dll
[2013/07/14 01:53:02 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_3.dll
[2013/07/14 01:53:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput1_3.dll
[2013/07/14 01:53:02 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2013/07/14 01:53:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2013/07/14 01:53:02 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2013/07/14 01:53:02 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput1_2.dll
[2013/07/14 01:53:02 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput1_1.dll
[2013/07/14 01:53:02 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput9_1_0.dll
[2013/07/14 01:53:01 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2013/07/14 01:53:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_39.dll
[2013/07/14 01:53:01 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_10.dll
[2013/07/14 01:53:01 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_7.dll
[2013/07/14 01:53:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_6.dll
[2013/07/14 01:53:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_5.dll
[2013/07/14 01:53:01 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_4.dll
[2013/07/14 01:53:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_3.dll
[2013/07/14 01:53:01 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_2.dll
[2013/07/14 01:53:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_0.dll
[2013/07/14 01:53:01 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_1.dll
[2013/07/14 01:53:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2013/07/14 01:53:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2013/07/14 01:53:01 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2013/07/14 01:53:01 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2013/07/14 01:53:01 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2013/07/14 01:53:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_0.dll
[2013/07/14 01:53:00 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_38.dll
[2013/07/14 01:53:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll
[2013/07/14 01:53:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2013/07/14 01:53:00 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2013/07/14 01:52:59 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2013/07/14 01:52:59 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2013/07/14 01:52:59 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2013/07/14 01:52:59 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2013/07/14 01:52:59 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2013/07/14 01:52:58 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2013/07/14 01:52:58 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2013/07/14 01:52:58 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2013/07/14 01:52:58 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2013/07/14 01:52:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2013/07/14 01:52:58 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2013/07/14 01:52:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2013/07/14 01:52:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2013/07/14 01:52:58 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2013/07/14 01:52:58 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2013/07/14 01:52:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2013/07/14 01:52:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2013/07/14 01:52:57 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2013/07/14 01:52:57 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2013/07/14 01:52:57 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2013/07/14 01:52:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2013/07/14 01:52:57 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2013/07/14 01:52:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2013/07/14 01:52:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2013/07/14 01:52:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2013/07/14 01:52:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2013/07/14 01:52:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2013/07/14 01:52:57 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll
[2013/07/14 01:52:30 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/14 01:52:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2013/07/14 01:52:30 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/14 01:52:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/14 01:52:29 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2013/07/14 01:52:29 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2013/07/14 01:52:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2013/07/14 01:52:29 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2013/07/14 01:52:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/14 01:52:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/14 01:52:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/14 01:52:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2013/07/14 01:52:28 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/14 01:52:28 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/14 01:52:28 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2013/07/14 01:52:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2013/07/14 01:52:28 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/14 01:52:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2013/07/14 01:52:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2013/07/14 01:52:27 | 002,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2013/07/14 01:52:27 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2013/07/14 01:52:27 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/14 01:52:27 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2013/07/14 01:52:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2013/07/14 01:52:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2013/07/14 01:52:27 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2013/07/14 01:52:26 | 001,831,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/14 01:52:26 | 001,159,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/14 01:52:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/14 01:52:25 | 006,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/14 01:52:25 | 000,635,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2013/07/14 01:51:55 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/14 01:51:42 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2013/07/14 01:51:42 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2013/07/14 01:51:42 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2013/07/14 01:51:42 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2013/07/14 01:51:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2013/07/14 01:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/07/14 01:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/07/14 01:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/07/14 01:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2013/07/14 01:50:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013/07/14 01:50:14 | 000,204,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2013/07/14 01:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/07/14 01:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2013/07/14 01:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2013/07/14 01:49:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2013/07/14 01:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/07/14 01:42:35 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/07/14 01:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/07/14 01:42:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/07/14 01:41:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2013/07/14 01:41:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2013/07/14 01:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013/07/14 01:41:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2013/07/14 01:40:55 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2013/07/14 01:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2013/07/14 01:40:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2013/07/14 01:40:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2013/07/14 01:40:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2013/07/14 01:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2013/07/14 01:40:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2013/07/14 01:40:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2013/07/14 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/07/14 01:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2013/07/14 01:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2013/07/14 01:39:53 | 000,370,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2013/07/14 01:39:53 | 000,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2013/07/14 01:39:53 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2013/07/14 01:39:53 | 000,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2013/07/14 01:39:52 | 000,563,912 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2013/07/14 01:39:52 | 000,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.wusetup.1975078.bak
[2013/07/14 01:39:52 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2013/07/14 01:39:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2013/07/14 01:39:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2013/07/14 01:39:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2013/07/14 01:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2013/07/14 01:39:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2013/07/14 01:39:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2013/07/14 01:39:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2013/07/14 01:39:24 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2013/07/14 01:39:20 | 000,227,798 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2013/07/14 01:39:19 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2013/07/14 01:39:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2013/07/14 01:39:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2013/07/14 01:39:18 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2013/07/14 01:39:18 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2013/07/14 01:39:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2013/07/14 01:39:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2013/07/14 01:39:14 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2013/07/14 01:39:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2013/07/14 01:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2013/07/14 01:39:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2013/07/14 01:39:10 | 000,217,050 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2013/07/14 01:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2013/07/14 01:39:09 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2013/07/14 01:39:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2013/07/14 01:39:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2013/07/14 01:39:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2013/07/14 01:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2013/07/14 01:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2013/07/14 01:38:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/07/14 01:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Applocale
[2013/07/14 01:38:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2013/07/14 01:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2013/07/14 01:38:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2013/07/14 01:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2013/07/14 01:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2013/07/14 01:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/14 01:37:57 | 001,474,560 | ---- | C] (Option^Explicit Software Solutions) -- C:\WINDOWS\System32\WinsockxpFix.exe
[2013/07/14 01:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/07/14 01:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2013/07/14 01:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2013/07/14 01:37:43 | 000,210,394 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2013/07/14 01:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2013/07/14 01:37:32 | 000,343,506 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2013/07/14 01:37:31 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2013/07/14 01:37:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2013/07/14 01:37:31 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2013/07/14 01:37:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2013/07/14 01:37:30 | 000,212,956 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2013/07/14 01:37:22 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2013/07/14 01:37:22 | 000,319,446 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2013/07/14 01:37:22 | 000,285,146 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2013/07/14 01:37:21 | 000,331,738 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2013/07/14 01:37:21 | 000,324,562 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2013/07/14 01:37:21 | 000,261,594 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2013/07/14 01:37:20 | 000,260,062 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2013/07/14 01:37:20 | 000,221,662 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2013/07/14 01:37:20 | 000,221,146 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2013/07/14 01:37:20 | 000,219,614 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2013/07/14 01:37:20 | 000,219,612 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2013/07/14 01:37:20 | 000,219,610 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2013/07/14 01:37:20 | 000,214,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2013/07/14 01:37:19 | 000,238,556 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2013/07/14 01:37:19 | 000,226,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2013/07/14 01:37:19 | 000,225,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2013/07/14 01:37:19 | 000,221,660 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2013/07/14 01:37:19 | 000,220,638 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2013/07/14 01:37:19 | 000,220,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2013/07/14 01:37:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2013/07/14 01:37:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2013/07/14 01:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2013/07/14 01:37:00 | 000,389,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2013/07/14 01:37:00 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2013/07/14 01:37:00 | 000,336,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2013/07/14 01:37:00 | 000,328,154 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2013/07/14 01:37:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2013/07/14 01:36:59 | 000,547,794 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2013/07/14 01:36:59 | 000,307,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2013/07/14 01:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2013/07/14 01:36:58 | 000,743,382 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2013/07/14 01:36:57 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2013/07/14 01:36:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2013/07/14 01:36:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2013/07/14 01:36:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2013/07/14 01:36:56 | 000,271,836 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2013/07/14 01:36:56 | 000,218,578 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2013/07/14 01:36:55 | 000,267,742 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2013/07/14 01:36:55 | 000,224,732 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2013/07/14 01:36:55 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2013/07/14 01:36:55 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2013/07/14 01:36:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2013/07/14 01:36:54 | 000,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2013/07/14 01:36:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2013/07/14 01:36:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2013/07/14 01:36:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2013/07/14 01:36:53 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2013/07/14 01:36:53 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2013/07/14 01:36:53 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2013/07/14 01:36:52 | 000,210,900 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2013/07/14 01:36:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2013/07/14 01:36:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2013/07/14 01:36:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2013/07/14 01:36:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2013/07/14 01:36:51 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2013/07/14 01:36:51 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2013/07/14 01:36:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2013/07/14 01:36:51 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2013/07/14 01:36:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2013/07/14 01:36:50 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2013/07/14 01:36:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2013/07/14 01:36:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2013/07/14 01:36:42 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2013/07/14 01:36:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2013/07/14 01:36:42 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2013/07/14 01:36:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/30 05:12:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spyware Cease 2011.lnk
[2013/07/29 20:58:17 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/07/29 20:57:48 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/29 20:57:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/29 04:42:23 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KMPlayer.lnk
[2013/07/25 18:42:48 | 216,002,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pa-letsgolf.iso
[2013/07/25 18:03:36 | 207,195,040 | ---- | M] () -- C:\Documents and Settings\Administrator\EBOOT.PBP
[2013/07/25 17:46:32 | 000,745,888 | ---- | M] () -- C:\Documents and Settings\Administrator\ISO.BIN
[2013/07/25 17:46:32 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Administrator\MINIS.BIN
[2013/07/23 15:13:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/21 16:47:43 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\gei33.dll
[2013/07/18 07:49:52 | 000,039,370 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BPBXsypCIAEsYeQ.png large.png
[2013/07/17 16:06:29 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Expat Shield Launch.lnk
[2013/07/17 14:22:25 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/16 03:50:33 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PS3 Tools.lnk
[2013/07/14 06:46:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
[2013/07/14 05:59:34 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2013/07/14 02:57:14 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bandwidth Monitor.lnk
[2013/07/14 02:57:02 | 000,424,414 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/14 02:57:02 | 000,351,706 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/14 02:57:02 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/14 02:57:01 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/14 02:57:01 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/14 02:57:01 | 000,351,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/14 02:57:01 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/14 02:55:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UltraISO.lnk
[2013/07/14 02:52:29 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IDM.lnk
[2013/07/14 02:48:58 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Orbit.lnk
[2013/07/14 02:44:17 | 000,869,850 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/14 02:44:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/14 02:42:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/14 02:42:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/14 02:28:45 | 000,018,096 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2013/07/14 02:21:31 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/14 02:21:31 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/14 02:16:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/14 02:16:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/07/14 02:15:36 | 000,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/14 02:13:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2013/07/14 02:12:24 | 000,000,803 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/07/14 02:10:01 | 000,001,404 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\XPS Viewer EP.lnk
[2013/07/14 01:55:05 | 000,000,317 | -HS- | M] () -- C:\boot.ini
[2013/07/14 01:54:12 | 000,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2013/07/14 01:42:04 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/14 01:42:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/14 01:42:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/14 01:42:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/07/14 01:42:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/07/14 01:41:57 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/07/14 01:41:57 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/07/14 01:41:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/07/14 01:41:49 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013/07/14 01:38:32 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/07/30 05:12:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spyware Cease 2011.lnk
[2013/07/30 05:12:25 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2013/07/25 18:40:59 | 216,002,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pa-letsgolf.iso
[2013/07/25 17:43:50 | 000,745,888 | ---- | C] () -- C:\Documents and Settings\Administrator\ISO.BIN
[2013/07/25 17:43:50 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrator\MINIS.BIN
[2013/07/25 17:23:41 | 207,195,040 | ---- | C] () -- C:\Documents and Settings\Administrator\EBOOT.PBP
[2013/07/17 16:06:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Expat Shield Launch.lnk
[2013/07/16 04:50:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/16 03:50:33 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PS3 Tools.lnk
[2013/07/14 07:42:27 | 000,039,370 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BPBXsypCIAEsYeQ.png large.png
[2013/07/14 06:46:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2013/07/14 05:59:34 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2013/07/14 05:59:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/07/14 05:58:13 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013/07/14 05:55:15 | 000,165,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/14 05:53:45 | 000,000,317 | -HS- | C] () -- C:\boot.ini
[2013/07/14 05:53:41 | 000,000,803 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/07/14 02:57:14 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bandwidth Monitor.lnk
[2013/07/14 02:55:35 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UltraISO.lnk
[2013/07/14 02:52:29 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IDM.lnk
[2013/07/14 02:48:58 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Orbit.lnk
[2013/07/14 02:47:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2013/07/14 02:42:56 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/14 02:42:56 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/14 02:42:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/14 02:40:14 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\KMPlayer.lnk
[2013/07/14 02:28:45 | 000,018,096 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2013/07/14 02:28:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2013/07/14 02:28:34 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2013/07/14 02:21:29 | 000,008,743 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/07/14 02:21:21 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2013/07/14 02:21:09 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\gei33.dll
[2013/07/14 02:16:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/14 02:16:23 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/07/14 02:16:22 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/07/14 02:16:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/07/14 02:15:52 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/07/14 02:15:52 | 000,001,404 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\XPS Viewer EP.lnk
[2013/07/14 02:15:51 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2013/07/14 02:13:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2013/07/14 02:11:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/07/14 02:10:01 | 000,001,392 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XPS Viewer EP.lnk
[2013/07/14 02:05:58 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\wsmtxt.xsl
[2013/07/14 02:05:58 | 000,001,559 | ---- | C] () -- C:\WINDOWS\System32\wsmpty.xsl
[2013/07/14 02:05:57 | 000,195,122 | ---- | C] () -- C:\WINDOWS\System32\winrm.vbs
[2013/07/14 02:05:52 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Journal Viewer.lnk
[2013/07/14 01:59:48 | 000,087,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/14 01:42:04 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/14 01:42:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/14 01:42:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/14 01:42:04 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2013/07/14 01:42:04 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013/07/14 01:41:57 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/07/14 01:41:57 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/07/14 01:41:56 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2013/07/14 01:40:53 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2013/07/14 01:40:21 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2013/07/14 01:40:21 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2013/07/14 01:38:34 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2013/07/14 01:38:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/07/14 01:38:13 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2013/07/14 01:37:56 | 000,004,304 | ---- | C] () -- C:\WINDOWS\almain.sdb
[2013/07/14 01:37:24 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2013/07/14 01:37:24 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2013/07/14 01:37:24 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2013/07/14 01:37:24 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2013/07/14 01:37:24 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2013/07/14 01:37:24 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2013/07/14 01:37:24 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2013/07/14 01:37:23 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2013/07/14 01:37:23 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2013/07/14 01:37:23 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2013/07/14 01:37:23 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2013/07/14 01:37:20 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2013/07/14 01:37:20 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2013/07/14 01:37:18 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2013/07/14 01:37:12 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2013/07/14 01:42:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/11/14 00:17:36 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 16:30:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 16:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Drive Information ==========[/color]
 
Physical Drives
---------------
 
Error accessing drive info (0)
Error accessing drive info (0)
 
Partitions
---------------
 
Error accessing partition info (0)
Error accessing partition info (0)
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2013/07/14 04:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\1morebee
[2013/07/14 02:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/07/14 04:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2013/07/14 04:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AlawarEntertainment
[2013/07/14 03:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BWMonitor
[2013/07/14 04:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Chicken Chase
[2013/07/30 06:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/07/14 04:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EA
[2013/07/14 04:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameHouse
[2013/07/14 02:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2013/07/14 02:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/07/28 22:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2013/07/14 02:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/07/14 04:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ManifestoGames
[2013/07/14 02:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2013/07/14 04:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2013/07/16 09:04:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/07/14 02:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/07/30 06:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2013/07/14 04:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2013/07/14 02:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2013/07/21 17:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ps3psarc
[2013/07/25 22:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stella
[2013/07/14 01:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2013/07/14 04:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\URSE Games
[2013/07/14 04:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ViquaSoft
[2013/07/14 02:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2013/07/14 02:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wocarson
[2013/07/14 04:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2008/11/14 01:25:31 | 017,779,836 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 16:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]
[2008/04/14 16:30:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 16:30:00 | 001,060,864 | ---- | M] (Microsoft Corporation) MD5=58BDBC2591317482646DA9E6B8C41073 -- C:\WINDOWS\explorer.exe
 
[color=#A23BEC]< MD5 for: MSWSOCK.DLL  >[/color]
[2008/11/14 00:16:43 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\system32\mswsock.dll
 
[color=#A23BEC]< MD5 for: NWPROVAU.DLL  >[/color]
[2008/04/14 16:30:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
 
[color=#A23BEC]< MD5 for: PNRPNSP.DLL  >[/color]
[2008/04/14 16:30:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll
 
[color=#A23BEC]< MD5 for: RSVPSP.DLL  >[/color]
[2008/04/14 16:30:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2008/04/14 16:30:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2008/04/14 16:30:00 | 000,041,472 | ---- | M] (Microsoft Corporation) MD5=40D2258A18915B3F8E3AB6592CDEEA6A -- C:\WINDOWS\system32\svchost.exe
 
[color=#A23BEC]< MD5 for: USER32.DLL  >[/color]
[2008/04/14 16:30:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/04/14 16:30:00 | 000,230,866 | ---- | M] (Microsoft Corporation) MD5=192F5676CCDEFEA3DFD21DFF37F12B42 -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2008/04/14 16:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINRNR.DLL  >[/color]
[2008/04/14 16:30:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll
 
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/18 18:52:13 | 001,044,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/18 18:52:13 | 001,044,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/18 18:52:13 | 001,044,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2008/08/25 13:07:59 | 000,097,792 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2008/08/25 13:07:59 | 000,097,792 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2008/08/25 13:07:59 | 000,097,792 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/08/23 10:26:15 | 000,635,848 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/18 18:52:13 | 001,044,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/18 18:52:13 | 001,044,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/18 18:52:13 | 001,044,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2008/08/25 13:07:59 | 000,097,792 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2008/08/25 13:07:59 | 000,097,792 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2008/08/25 13:07:59 | 000,097,792 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/08/23 10:26:15 | 000,635,848 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %ProgramFiles%\WINDOWS NT\*.* /s >[/color]
[2008/04/14 16:30:00 | 000,743,898 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2008/04/14 16:30:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2008/04/14 16:30:00 | 000,232,918 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2008/04/14 16:30:00 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2008/04/14 16:30:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2008/04/14 16:30:00 | 000,419,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2008/04/14 16:30:00 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2008/04/14 16:30:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2008/04/14 16:30:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/14 16:30:00 | 000,485,852 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.EXE
[2008/04/14 16:30:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2008/04/14 16:30:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2008/04/14 16:30:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2008/04/14 16:30:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2008/04/14 16:30:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2008/04/14 16:30:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2008/04/14 16:30:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2008/04/14 16:30:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2008/04/14 16:30:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2008/04/14 16:30:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2008/04/14 16:30:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2008/04/14 16:30:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2008/04/14 16:30:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2008/04/14 16:30:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2008/04/14 16:30:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2008/04/14 16:30:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2008/04/14 16:30:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2008/04/14 16:30:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2008/04/14 16:30:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2008/04/14 16:30:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2008/04/14 16:30:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2008/04/14 16:30:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2008/04/14 16:30:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2008/04/14 16:30:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2008/04/14 16:30:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2008/04/14 16:30:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2008/04/14 16:30:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2008/04/14 16:30:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2008/04/14 16:30:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2008/04/14 16:30:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2008/04/14 16:30:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2008/04/14 16:30:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2008/04/14 16:30:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2008/04/14 16:30:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2008/04/14 16:30:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2008/04/14 16:30:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2008/04/14 16:30:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2008/04/14 16:30:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2008/04/14 16:30:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2008/04/14 16:30:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2008/04/14 16:30:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2008/04/14 16:30:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2008/04/14 16:30:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2008/04/14 16:30:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2008/04/14 16:30:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2008/04/14 16:30:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2008/04/14 16:30:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2008/04/14 16:30:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2008/04/14 16:30:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2008/04/14 16:30:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2008/04/14 16:30:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2008/04/14 16:30:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2008/04/14 16:30:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2008/04/14 16:30:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2008/04/14 16:30:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2008/04/14 16:30:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2008/04/14 16:30:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2008/04/14 16:30:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2008/04/14 16:30:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2008/04/14 16:30:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2008/04/14 16:30:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2008/04/14 16:30:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2008/04/14 16:30:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2008/04/14 16:30:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

< End of report >

Edited by Nimation, 29 July 2013 - 09:04 PM.

  • 0
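Added example, not part of the original posts and not OTL's own code: the file listings in the log above share one line format, `[timestamp | size | attributes | C/M] (company) -- path`. The Python below parses that format and lists `.dll`/`.exe`/`.sys` files under System32 whose company field is empty, as candidates for a hash lookup; the function names, the extension list and the System32 prefix are assumptions, and the sample lines are copied from the log.

```python
import re
from datetime import datetime
from ntpath import basename, splitext  # Windows path rules, works on any OS
from typing import List, NamedTuple, Optional

# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) [MD5=...] -- path
# The (company) field is absent on directory lines and empty, "()", in the
# log's "No Company Name" sections.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+)$"
)

# Assumptions of this example, not OTL settings.
EXECUTABLE_EXTS = {".dll", ".exe", ".sys"}
SYSTEM_DIR = "c:\\windows\\system32\\"


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None when the line has no (...) field at all
    md5: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        md5=m["md5"],
        path=m["path"],
    )


def unattributed_system_binaries(log_text: str,
                                 since: Optional[datetime] = None) -> List[Entry]:
    """Executable files under System32 with an empty company field."""
    hits, seen = [], set()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or "D" in e.attrs:   # skip non-matching lines and directories
            continue
        if e.company != "":               # named vendor, or no company field
            continue
        lower = e.path.lower()
        if not lower.startswith(SYSTEM_DIR):
            continue
        if splitext(lower)[1] not in EXECUTABLE_EXTS:
            continue
        if since is not None and e.when < since:
            continue
        if lower in seen:                 # same file listed as Created and Modified
            continue
        seen.add(lower)
        hits.append(e)
    return hits


def flagged_names(log_text: str, since: Optional[datetime] = None) -> List[str]:
    """File names only, in log order."""
    return [basename(e.path) for e in unattributed_system_binaries(log_text, since)]


# Sample lines copied from the log above.
SAMPLE_LOG = r"""[2013/07/14 01:54:12 | 000,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/07/30 05:12:25 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2013/07/14 06:46:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2013/07/14 02:28:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2013/07/14 02:21:09 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\gei33.dll
[2013/07/14 02:05:57 | 000,195,122 | ---- | C] () -- C:\WINDOWS\System32\winrm.vbs
[2013/07/14 04:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2008/04/14 16:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys"""

if __name__ == "__main__":
    for entry in unattributed_system_binaries(SAMPLE_LOG):
        print(entry.when, entry.size, entry.path)
```

An empty company field is a reason to look a file up, not a verdict: hardware-vendor drivers such as the ASUS one in this sample also appear in the log with no company name.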

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This file:

[2013/07/14 02:21:09 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\gei33.dll

Appears to be a trojan backdoor. If I google it I get a lot of reports of it being a virus:

http://www.microsoft...n32/Nitol#tab=2

You will note that it may put a copy of lpk.dll in every folder with a .exe or .rar or .zip

I also see these:

MOD - [2013/07/29 20:57:59 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vra6.tmp
MOD - [2013/07/29 20:57:59 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vra5.tmp
MOD - [2013/07/29 20:57:59 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vra3.tmp
MOD - [2013/07/29 20:57:48 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\rna1.tmp
MOD - [2013/07/21 23:41:31 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\cxc1AA.tmp

This one shows signs of an infection but the file is supposedly missing.

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\yygeym.exe -- (ncbxcoksfz)

This next one may be part of Spyware Cease:

DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)

but I'm not sure I trust Spyware Cease either. Did you install it on purpose? Do you trust it?

Several of your critical file MD5 checksums do not google, which is rare for XP system files, so may mean that they are infected. Doesn't appear that you have any backups, which is odd.


< MD5 for: EXPLORER.EXE >
[2008/04/14 16:30:00 | 001,060,864 | ---- | M] (Microsoft Corporation) MD5=58BDBC2591317482646DA9E6B8C41073 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 16:30:00 | 000,041,472 | ---- | M] (Microsoft Corporation) MD5=40D2258A18915B3F8E3AB6592CDEEA6A -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 16:30:00 | 000,230,866 | ---- | M] (Microsoft Corporation) MD5=192F5676CCDEFEA3DFD21DFF37F12B42 -- C:\WINDOWS\system32\userinit.exe

If you can't get to virustotal.com, can you get to www.jotti.org and submit the above files?

Jotti will also check them.

If you have the CD for XP SP3 you can open a command window and

sfc  /scannow

This will check your critical system files and replace them. It should also rebuild your backup files.

We can use OTL to check for the presence of the malware dll:


Copy the text in the code box:

/md5start
lpk.dll
/md5stop
C:\WINDOWS\Temp\*.tmp /s

Run OTL


Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it. This will not make any changes so should be safe to run.

Can you get to any of the following sites? These can make changes so just check to see if you can download the file mentioned.



Download aswMBR.exe to your desktop.
Double click aswMBR.exe
Uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected. <==If you skip this step it should be safe to run Malwarebytes' Anti-Malware

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
  • 0
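The MD5 check described in the post above, as an added example (not the helper's or OTL's own code): it parses OTL's `< MD5 for: ... >` output and flags files that exist in only one copy, whose copies disagree, or whose hash is missing from a known-good list you supply. The function names are hypothetical; the SAMPLE1.DLL and SAMPLE2.DLL entries, the "Example Vendor" name and the baseline hashes are constructed placeholders, and reading "backups" as extra copies such as those under system32\dllcache is an assumption.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "size md5 path company")

HEADER_RE = re.compile(r"^< MD5 for: (.+?) >$")
# [date time | size | attrs | flag] (company) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[[^|\]]+\| ([\d,]+) \|[^|\]]+\|[^\]]+\] \((.*)\) "
    r"MD5=([0-9A-Fa-f]{32}) -- (.+)$"
)

# The three entries quoted in the post above.
PAGE_LINES = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 16:30:00 | 001,060,864 | ---- | M] (Microsoft Corporation) MD5=58BDBC2591317482646DA9E6B8C41073 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 16:30:00 | 000,041,472 | ---- | M] (Microsoft Corporation) MD5=40D2258A18915B3F8E3AB6592CDEEA6A -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 16:30:00 | 000,230,866 | ---- | M] (Microsoft Corporation) MD5=192F5676CCDEFEA3DFD21DFF37F12B42 -- C:\WINDOWS\system32\userinit.exe
"""

# Constructed placeholder hashes, not hashes of any real file.
GOOD = "a" * 32
BAD = "b" * 32

def _line(md5, path):
    """Build one constructed OTL-style entry line."""
    return (f"[2008/04/14 16:30:00 | 000,010,240 | ---- | M] "
            f"(Example Vendor) MD5={md5} -- {path}")

# Constructed entries: one file with two matching copies, one with a mismatch.
CONSTRUCTED = "\n".join([
    "< MD5 for: SAMPLE1.DLL >",
    _line(GOOD, r"C:\WINDOWS\system32\sample1.dll"),
    _line(GOOD, r"C:\WINDOWS\system32\dllcache\sample1.dll"),
    "< MD5 for: SAMPLE2.DLL >",
    _line(BAD, r"C:\WINDOWS\system32\sample2.dll"),
    _line(GOOD, r"C:\WINDOWS\system32\dllcache\sample2.dll"),
])

OTL_OUTPUT = PAGE_LINES + "\n" + CONSTRUCTED

# Baseline of known-good hashes per file name. Fill this from a source you
# trust (for example the same file taken from clean install media of the same
# service pack). The three files from the post are deliberately left out
# because the page gives no known-good values for them.
KNOWN_GOOD = {
    "SAMPLE1.DLL": {GOOD},
    "SAMPLE2.DLL": {GOOD},
}

def parse_otl_md5(text):
    """Return {FILE_NAME: [Entry, ...]} from OTL custom-scan MD5 output."""
    files, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).upper()
            files.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            size, company, md5, path = entry.groups()
            files[current].append(
                Entry(int(size.replace(",", "")), md5.lower(), path, company))
    return files

def triage(files, baseline):
    """Return {FILE_NAME: [finding, ...]}; an empty list means nothing to flag."""
    report = {}
    for name, copies in files.items():
        if not copies:
            report[name] = ["not_found"]
            continue
        findings = []
        hashes = {c.md5 for c in copies}
        if len(copies) < 2:
            findings.append("no_backup_copy")        # nothing to restore from
        if len(hashes) > 1:
            findings.append("copies_differ")         # at least one copy changed
        known = baseline.get(name)
        if known is None:
            findings.append("no_baseline")           # cannot judge this hash
        elif not hashes <= known:
            findings.append("hash_not_in_baseline")  # unknown content
        report[name] = findings
    return report

if __name__ == "__main__":
    parsed = parse_otl_md5(OTL_OUTPUT)
    for name, findings in triage(parsed, KNOWN_GOOD).items():
        for c in parsed[name]:
            print(f"{name:14} {c.size:>9} {c.md5} {c.path}")
        print(f"{'':14} -> {', '.join(findings) or 'ok'}")
```

A `no_baseline` result only means the file could not be judged; it takes a trusted reference hash to turn it into a verdict.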

#5
Nimation

  • Topic Starter
  • Member
  • 26 posts

If you have the CD for XP SP3 you can open a command window and

sfc  /scannow

This will check your critical system files and replace them. It should also rebuild your backup files.


I get an error trying to do this: Windows File Protection could not initiate a scan of protected system files.

The specific error is 0x000006ba [The RPC server is unavailable.].
_______________________________________________________________________

Here's the log file I got from TDSSKiller:
21:19:27.0107 2940  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
21:19:29.0107 2940  ============================================================
21:19:29.0107 2940  Current date / time: 2013/07/30 21:19:29.0107
21:19:29.0107 2940  SystemInfo:
21:19:29.0107 2940  
21:19:29.0107 2940  OS Version: 5.1.2600 ServicePack: 3.0
21:19:29.0107 2940  Product type: Workstation
21:19:29.0107 2940  ComputerName: ARYANCD
21:19:29.0107 2940  UserName: Administrator
21:19:29.0107 2940  Windows directory: C:\WINDOWS
21:19:29.0107 2940  System windows directory: C:\WINDOWS
21:19:29.0107 2940  Processor architecture: Intel x86
21:19:29.0107 2940  Number of processors: 2
21:19:29.0107 2940  Page size: 0x1000
21:19:29.0107 2940  Boot type: Normal boot
21:19:29.0107 2940  ============================================================
21:19:30.0466 2940  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:19:30.0466 2940  ============================================================
21:19:30.0466 2940  \Device\Harddisk0\DR0:
21:19:30.0466 2940  MBR partitions:
21:19:30.0466 2940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
21:19:30.0482 2940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x61A7927
21:19:30.0482 2940  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0xC54530D
21:19:30.0513 2940  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x14DFE367, BlocksNum 0xC54530D
21:19:30.0513 2940  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x213436B3, BlocksNum 0xC54530D
21:19:30.0529 2940  \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x2D8889FF, BlocksNum 0xCAF8381
21:19:30.0529 2940  ============================================================
21:19:30.0560 2940  C: <-> \Device\Harddisk0\DR0\Partition1
21:19:30.0591 2940  D: <-> \Device\Harddisk0\DR0\Partition2
21:19:30.0982 2940  E: <-> \Device\Harddisk0\DR0\Partition3
21:19:30.0997 2940  F: <-> \Device\Harddisk0\DR0\Partition4
21:19:31.0044 2940  G: <-> \Device\Harddisk0\DR0\Partition5
21:19:31.0075 2940  H: <-> \Device\Harddisk0\DR0\Partition6
21:19:31.0075 2940  ============================================================
21:19:31.0075 2940  Initialize success
21:19:31.0075 2940  ============================================================
21:19:59.0341 4056  ============================================================
21:19:59.0341 4056  Scan started
21:19:59.0341 4056  Mode: Manual; SigCheck; TDLFS; 
21:19:59.0341 4056  ============================================================
21:20:00.0107 4056  ================ Scan system memory ========================
21:20:00.0122 4056  System memory - ok
21:20:00.0122 4056  ================ Scan services =============================
21:20:00.0200 4056  Abiosdsk - ok
21:20:00.0200 4056  abp480n5 - ok
21:20:00.0232 4056  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:20:00.0935 4056  ACPI - ok
21:20:00.0966 4056  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:20:01.0075 4056  ACPIEC - ok
21:20:01.0091 4056  adpu160m - ok
21:20:01.0107 4056  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:20:01.0247 4056  aec - ok
21:20:01.0263 4056  [ 4D43E74F2A1239D53929B82600F1971C ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:20:01.0310 4056  AFD - ok
21:20:01.0310 4056  Aha154x - ok
21:20:01.0310 4056  aic78u2 - ok
21:20:01.0325 4056  aic78xx - ok
21:20:01.0341 4056  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:20:01.0450 4056  Alerter - ok
21:20:01.0466 4056  [ B0780E8CB63946F2A72045A5798853ED ] ALG             C:\WINDOWS\System32\alg.exe
21:20:01.0482 4056  ALG ( UnsignedFile.Multi.Generic ) - warning
21:20:01.0482 4056  ALG - detected UnsignedFile.Multi.Generic (1)
21:20:01.0482 4056  AliIde - ok
21:20:01.0497 4056  amsint - ok
21:20:01.0513 4056  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:20:01.0560 4056  AppMgmt - ok
21:20:01.0560 4056  asc - ok
21:20:01.0560 4056  asc3350p - ok
21:20:01.0575 4056  asc3550 - ok
21:20:01.0685 4056  [ 3ECDEE2AEF18A992EA02F1BBF19B569A ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:20:01.0700 4056  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
21:20:01.0700 4056  aspnet_state - detected UnsignedFile.Multi.Generic (1)
21:20:01.0716 4056  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:20:01.0825 4056  AsyncMac - ok
21:20:01.0857 4056  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:20:01.0966 4056  atapi - ok
21:20:01.0966 4056  Atdisk - ok
21:20:01.0982 4056  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:20:02.0091 4056  Atmarpc - ok
21:20:02.0107 4056  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:20:02.0216 4056  AudioSrv - ok
21:20:02.0232 4056  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:20:02.0341 4056  audstub - ok
21:20:02.0372 4056  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:20:02.0466 4056  Beep - ok
21:20:02.0497 4056  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:20:02.0622 4056  BITS - ok
21:20:02.0638 4056  [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser         C:\WINDOWS\System32\browser.dll
21:20:02.0747 4056  Browser - ok
21:20:02.0763 4056  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:20:02.0888 4056  cbidf2k - ok
21:20:02.0888 4056  cd20xrnt - ok
21:20:02.0904 4056  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:20:03.0013 4056  Cdaudio - ok
21:20:03.0029 4056  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:20:03.0138 4056  Cdfs - ok
21:20:03.0154 4056  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:20:03.0185 4056  Cdrom - ok
21:20:03.0185 4056  Changer - ok
21:20:03.0232 4056  [ 2C1C5C5ACB52979D6F321E90FC1063A4 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:20:03.0247 4056  CiSvc ( UnsignedFile.Multi.Generic ) - warning
21:20:03.0247 4056  CiSvc - detected UnsignedFile.Multi.Generic (1)
21:20:03.0294 4056  [ FC910B50346F49697BE4D20C67C45A9E ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:20:03.0310 4056  ClipSrv ( UnsignedFile.Multi.Generic ) - warning
21:20:03.0310 4056  ClipSrv - detected UnsignedFile.Multi.Generic (1)
21:20:03.0341 4056  [ EEF05F15014D9975A90C504663962477 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:03.0341 4056  clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - warning
21:20:03.0341 4056  clr_optimization_v2.0.50727_32 - detected UnsignedFile.Multi.Generic (1)
21:20:03.0357 4056  CmdIde - ok
21:20:03.0357 4056  COMSysApp - ok
21:20:03.0372 4056  Cpqarray - ok
21:20:03.0404 4056  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:20:03.0513 4056  CryptSvc - ok
21:20:03.0529 4056  dac2w2k - ok
21:20:03.0529 4056  dac960nt - ok
21:20:03.0560 4056  [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:20:03.0669 4056  DcomLaunch - ok
21:20:03.0700 4056  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:20:03.0794 4056  Dhcp - ok
21:20:03.0825 4056  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:20:03.0935 4056  Disk - ok
21:20:03.0950 4056  dmadmin - ok
21:20:03.0966 4056  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:20:04.0122 4056  dmboot - ok
21:20:04.0122 4056  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:20:04.0232 4056  dmio - ok
21:20:04.0247 4056  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:20:04.0357 4056  dmload - ok
21:20:04.0357 4056  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:20:04.0466 4056  dmserver - ok
21:20:04.0497 4056  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:20:04.0607 4056  DMusic - ok
21:20:04.0622 4056  [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:20:04.0732 4056  Dnscache - ok
21:20:04.0763 4056  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:20:04.0935 4056  Dot3svc - ok
21:20:04.0935 4056  dpti2o - ok
21:20:04.0935 4056  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:20:05.0060 4056  drmkaud - ok
21:20:05.0075 4056  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:20:05.0200 4056  EapHost - ok
21:20:05.0200 4056  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:20:05.0325 4056  ERSvc - ok
21:20:05.0357 4056  [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog        C:\WINDOWS\system32\services.exe
21:20:05.0466 4056  Eventlog - ok
21:20:05.0482 4056  [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] EventSystem     C:\WINDOWS\system32\es.dll
21:20:05.0513 4056  EventSystem - ok
21:20:05.0560 4056  [ 6C5B729C5934E2D8EC0BD6762AAE9251 ] ExpatShieldService C:\Program Files\Expat Shield\bin\openvpnas.exe
21:20:05.0575 4056  ExpatShieldService - ok
21:20:05.0591 4056  [ 2CFEA9C337B699ACA38487E8A7438F35 ] ExpatSrv        C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
21:20:05.0607 4056  ExpatSrv - ok
21:20:05.0622 4056  [ 3DFFFC53E1437A5ED83B9FEB201AF9B3 ] ExpatTrayService C:\Program Files\Expat Shield\bin\ExpatTrayService.EXE
21:20:05.0638 4056  ExpatTrayService ( UnsignedFile.Multi.Generic ) - warning
21:20:05.0638 4056  ExpatTrayService - detected UnsignedFile.Multi.Generic (1)
21:20:05.0638 4056  ExpatWd - ok
21:20:05.0669 4056  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:20:05.0810 4056  Fastfat - ok
21:20:05.0825 4056  [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:20:05.0950 4056  FastUserSwitchingCompatibility - ok
21:20:05.0966 4056  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:20:06.0107 4056  Fdc - ok
21:20:06.0122 4056  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:20:06.0263 4056  Fips - ok
21:20:06.0279 4056  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:20:06.0404 4056  Flpydisk - ok
21:20:06.0419 4056  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:20:06.0544 4056  FltMgr - ok
21:20:06.0575 4056  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:20:06.0591 4056  FontCache3.0.0.0 - ok
21:20:06.0607 4056  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:20:06.0732 4056  Fs_Rec - ok
21:20:06.0747 4056  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:20:06.0857 4056  Ftdisk - ok
21:20:06.0872 4056  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:20:07.0013 4056  Gpc - ok
21:20:07.0044 4056  [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
21:20:07.0075 4056  HdAudAddService - ok
21:20:07.0107 4056  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:20:07.0122 4056  HDAudBus - ok
21:20:07.0154 4056  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:20:07.0279 4056  helpsvc - ok
21:20:07.0279 4056  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:20:07.0404 4056  HidServ - ok
21:20:07.0419 4056  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:20:07.0529 4056  hidusb - ok
21:20:07.0560 4056  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:20:07.0669 4056  hkmsvc - ok
21:20:07.0685 4056  hpn - ok
21:20:07.0700 4056  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:20:07.0825 4056  HTTP - ok
21:20:07.0841 4056  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:20:07.0966 4056  HTTPFilter - ok
21:20:07.0966 4056  i2omgmt - ok
21:20:07.0982 4056  i2omp - ok
21:20:07.0997 4056  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
21:20:08.0122 4056  i8042prt - ok
21:20:08.0138 4056  [ BD202018AF54CB476B847CAF6161AC2B ] IDMTDI          C:\WINDOWS\system32\DRIVERS\idmtdi.sys
21:20:23.0232 4056  IDMTDI - ok
21:20:23.0310 4056  [ BF0444094BD2F766BAB5B331263DB596 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:20:23.0325 4056  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0325 4056  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:20:23.0404 4056  [ 4C3D1C7EB7D3A2612B9C8140EC137114 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:20:23.0450 4056  idsvc ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0450 4056  idsvc - detected UnsignedFile.Multi.Generic (1)
21:20:23.0466 4056  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:20:23.0591 4056  Imapi - ok
21:20:23.0607 4056  [ 741F56174F31BC3DB941343FE2C63022 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:20:23.0638 4056  ImapiService ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0638 4056  ImapiService - detected UnsignedFile.Multi.Generic (1)
21:20:23.0638 4056  ini910u - ok
21:20:23.0654 4056  IntelIde - ok
21:20:23.0669 4056  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:20:23.0779 4056  intelppm - ok
21:20:23.0794 4056  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:20:23.0904 4056  Ip6Fw - ok
21:20:23.0919 4056  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:20:24.0029 4056  IpFilterDriver - ok
21:20:24.0044 4056  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:20:24.0154 4056  IpInIp - ok
21:20:24.0169 4056  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:20:24.0279 4056  IpNat - ok
21:20:24.0294 4056  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:20:24.0404 4056  IPSec - ok
21:20:24.0419 4056  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:20:24.0466 4056  IRENUM - ok
21:20:24.0482 4056  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:20:24.0591 4056  isapnp - ok
21:20:24.0622 4056  [ 2F03CEB28307983F3B36216D35FFA5AA ] ISODrive        C:\Program Files\UltraISO\drivers\ISODrive.sys
21:20:24.0669 4056  ISODrive - ok
21:20:24.0716 4056  [ F4E5DCF83F75F2A4AD8D37AD4157BE88 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:20:24.0716 4056  JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - warning
21:20:24.0716 4056  JavaQuickStarterService - detected UnsignedFile.Multi.Generic (1)
21:20:24.0763 4056  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:20:24.0888 4056  Kbdclass - ok
21:20:24.0904 4056  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:20:24.0997 4056  kbdhid - ok
21:20:25.0029 4056  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:20:25.0138 4056  kmixer - ok
21:20:25.0169 4056  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:20:25.0279 4056  KSecDD - ok
21:20:25.0294 4056  [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
21:20:25.0419 4056  LanmanServer - ok
21:20:25.0450 4056  [ A4DB46B1DD8123BC344E78BCEEC76723 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:20:25.0466 4056  lanmanworkstation - ok
21:20:25.0466 4056  lbrtfdc - ok
21:20:25.0497 4056  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:20:25.0607 4056  LmHosts - ok
21:20:25.0622 4056  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:20:25.0732 4056  Messenger - ok
21:20:25.0763 4056  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:20:25.0872 4056  mnmdd - ok
21:20:25.0919 4056  [ 5D1DDF2B1330C10B89E7C749C68F5D45 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:20:25.0919 4056  mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
21:20:25.0919 4056  mnmsrvc - detected UnsignedFile.Multi.Generic (1)
21:20:25.0950 4056  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:20:26.0075 4056  Modem - ok
21:20:26.0091 4056  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:26.0200 4056  Mouclass - ok
21:20:26.0216 4056  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:20:26.0341 4056  mouhid - ok
21:20:26.0357 4056  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:26.0466 4056  MountMgr - ok
21:20:26.0497 4056  [ B7BB92EDCBE8D0A0A541DD8DA46C0018 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:20:26.0497 4056  MozillaMaintenance ( UnsignedFile.Multi.Generic ) - warning
21:20:26.0497 4056  MozillaMaintenance - detected UnsignedFile.Multi.Generic (1)
21:20:26.0497 4056  mraid35x - ok
21:20:26.0513 4056  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:26.0622 4056  MRxDAV - ok
21:20:26.0638 4056  [ 7170AB42B51954DEF2781A4D1CCE65F4 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:26.0669 4056  MRxSmb - ok
21:20:26.0716 4056  [ 4E9A4E3B38DEF635C3EEDCEA7F958B39 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:20:26.0732 4056  MSDTC ( UnsignedFile.Multi.Generic ) - warning
21:20:26.0732 4056  MSDTC - detected UnsignedFile.Multi.Generic (1)
21:20:26.0763 4056  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:20:26.0872 4056  Msfs - ok
21:20:26.0872 4056  MSIServer - ok
21:20:26.0888 4056  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:26.0997 4056  MSKSSRV - ok
21:20:26.0997 4056  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:27.0107 4056  MSPCLOCK - ok
21:20:27.0122 4056  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:27.0216 4056  MSPQM - ok
21:20:27.0232 4056  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:27.0341 4056  mssmbios - ok
21:20:27.0372 4056  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:20:27.0388 4056  MTsensor - ok
21:20:27.0404 4056  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:20:27.0497 4056  Mup - ok
21:20:27.0529 4056  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:20:27.0654 4056  napagent - ok
21:20:27.0654 4056  ncbxcoksfz - ok
21:20:27.0685 4056  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:20:27.0794 4056  NDIS - ok
21:20:27.0794 4056  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:27.0982 4056  NdisTapi - ok
21:20:27.0997 4056  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:28.0107 4056  Ndisuio - ok
21:20:28.0107 4056  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:28.0232 4056  NdisWan - ok
21:20:28.0247 4056  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:28.0357 4056  NDProxy - ok
21:20:28.0357 4056  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:28.0482 4056  NetBIOS - ok
21:20:28.0497 4056  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:28.0622 4056  NetBT - ok
21:20:28.0669 4056  [ AE6B03FC9A7DD99A48A2A7BE4B9B6056 ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:20:28.0669 4056  NetDDE ( UnsignedFile.Multi.Generic ) - warning
21:20:28.0669 4056  NetDDE - detected UnsignedFile.Multi.Generic (1)
21:20:28.0685 4056  [ AE6B03FC9A7DD99A48A2A7BE4B9B6056 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:20:28.0685 4056  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
21:20:28.0685 4056  NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
21:20:28.0716 4056  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:20:28.0841 4056  Netlogon - ok
21:20:28.0857 4056  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
21:20:28.0966 4056  Netman - ok
21:20:28.0997 4056  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:20:28.0997 4056  NetTcpPortSharing - ok
21:20:29.0029 4056  [ FCEE5FCB99F7C724593365C706D28388 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:20:29.0075 4056  Nla - ok
21:20:29.0091 4056  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:20:29.0200 4056  Npfs - ok
21:20:29.0216 4056  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:29.0341 4056  Ntfs - ok
21:20:29.0357 4056  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:20:29.0482 4056  NtLmSsp - ok
21:20:29.0497 4056  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:20:29.0622 4056  NtmsSvc - ok
21:20:29.0638 4056  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:20:29.0997 4056  Null - ok
21:20:30.0169 4056  [ A05D99CBF55EB493C9E82B4BCA848EF5 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:20:30.0357 4056  nv - ok
21:20:30.0388 4056  [ 2CE409292F11216D30C8E0C4CCD79052 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
21:20:30.0404 4056  nvsvc ( UnsignedFile.Multi.Generic ) - warning
21:20:30.0404 4056  nvsvc - detected UnsignedFile.Multi.Generic (1)
21:20:30.0419 4056  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:30.0529 4056  NwlnkFlt - ok
21:20:30.0529 4056  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:30.0654 4056  NwlnkFwd - ok
21:20:30.0654 4056  PanService - ok
21:20:30.0700 4056  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:20:30.0810 4056  Parport - ok
21:20:30.0825 4056  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:30.0935 4056  PartMgr - ok
21:20:30.0950 4056  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:20:31.0060 4056  ParVdm - ok
21:20:31.0075 4056  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:20:31.0185 4056  PCI - ok
21:20:31.0200 4056  PCIDump - ok
21:20:31.0216 4056  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:20:31.0325 4056  PCIIde - ok
21:20:31.0341 4056  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:20:31.0450 4056  Pcmcia - ok
21:20:31.0450 4056  PDCOMP - ok
21:20:31.0466 4056  PDFRAME - ok
21:20:31.0482 4056  PDRELI - ok
21:20:31.0482 4056  PDRFRAME - ok
21:20:31.0497 4056  perc2 - ok
21:20:31.0497 4056  perc2hib - ok
21:20:31.0529 4056  [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:20:31.0654 4056  PlugPlay - ok
21:20:31.0669 4056  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:20:31.0794 4056  PolicyAgent - ok
21:20:31.0810 4056  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:20:31.0935 4056  PptpMiniport - ok
21:20:31.0935 4056  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:20:32.0075 4056  ProtectedStorage - ok
21:20:32.0075 4056  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:20:32.0200 4056  PSched - ok
21:20:32.0232 4056  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:20:32.0357 4056  Ptilink - ok
21:20:32.0357 4056  ql1080 - ok
21:20:32.0357 4056  Ql10wnt - ok
21:20:32.0372 4056  ql12160 - ok
21:20:32.0388 4056  ql1240 - ok
21:20:32.0388 4056  ql1280 - ok
21:20:32.0419 4056  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:20:32.0529 4056  RasAcd - ok
21:20:32.0544 4056  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:20:32.0669 4056  RasAuto - ok
21:20:32.0685 4056  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:20:32.0810 4056  Rasl2tp - ok
21:20:32.0825 4056  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:20:32.0950 4056  RasMan - ok
21:20:32.0966 4056  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:20:33.0091 4056  RasPppoe - ok
21:20:33.0107 4056  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:20:33.0216 4056  Raspti - ok
21:20:33.0247 4056  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:20:33.0372 4056  Rdbss - ok
21:20:33.0388 4056  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:20:33.0513 4056  RDPCDD - ok
21:20:33.0529 4056  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:20:33.0654 4056  rdpdr - ok
21:20:33.0685 4056  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:20:33.0810 4056  RDPWD - ok
21:20:33.0857 4056  [ 3B25422FCE842086DE93F43C2F9EAA46 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:20:33.0888 4056  RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
21:20:33.0888 4056  RDSessMgr - detected UnsignedFile.Multi.Generic (1)
21:20:33.0888 4056  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:20:33.0997 4056  redbook - ok
21:20:34.0029 4056  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:20:34.0154 4056  RemoteAccess - ok
21:20:34.0169 4056  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:20:34.0294 4056  RemoteRegistry - ok
21:20:34.0310 4056  [ 330E42B31708CA5A7BAD26FF96DE2DAE ] RkHit           C:\WINDOWS\system32\drivers\RKHit.sys
21:20:34.0325 4056  RkHit - ok
21:20:34.0357 4056  [ B39A292FB560C275648C0D23B0BCF34F ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:20:34.0357 4056  RpcLocator ( UnsignedFile.Multi.Generic ) - warning
21:20:34.0357 4056  RpcLocator - detected UnsignedFile.Multi.Generic (1)
21:20:34.0372 4056  [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:20:34.0497 4056  RpcSs - ok
21:20:34.0544 4056  [ 0557CA742A810C8F51A77A5A0900AB47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:20:34.0560 4056  RSVP ( UnsignedFile.Multi.Generic ) - warning
21:20:34.0560 4056  RSVP - detected UnsignedFile.Multi.Generic (1)
21:20:34.0575 4056  [ 25BE98C05808C57E4D8D26477DC12D39 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:20:34.0607 4056  RTLE8023xp - ok
21:20:34.0622 4056  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:20:34.0732 4056  SamSs - ok
21:20:34.0763 4056  [ BF66E4EA51972A8CCE79B7E50B027D57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:20:34.0779 4056  SCardSvr ( UnsignedFile.Multi.Generic ) - warning
21:20:34.0779 4056  SCardSvr - detected UnsignedFile.Multi.Generic (1)
21:20:34.0810 4056  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:20:34.0919 4056  Schedule - ok
21:20:34.0935 4056  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:20:34.0982 4056  Secdrv - ok
21:20:34.0997 4056  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:20:35.0122 4056  seclogon - ok
21:20:35.0122 4056  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
21:20:35.0263 4056  SENS - ok
21:20:35.0279 4056  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:20:35.0404 4056  serenum - ok
21:20:35.0404 4056  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:20:35.0529 4056  Serial - ok
21:20:35.0560 4056  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:20:35.0685 4056  Sfloppy - ok
21:20:35.0716 4056  [ A43F36201F68C96DA6CB7B1B0B788C60 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:20:35.0747 4056  SharedAccess - ok
21:20:35.0763 4056  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:20:35.0872 4056  ShellHWDetection - ok
21:20:35.0872 4056  Simbad - ok
21:20:35.0888 4056  Sparrow - ok
21:20:35.0904 4056  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:20:36.0029 4056  splitter - ok
21:20:36.0029 4056  [ 007389A70CC7AD6052EF1950C2BCB9D9 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:20:36.0044 4056  Spooler ( UnsignedFile.Multi.Generic ) - warning
21:20:36.0044 4056  Spooler - detected UnsignedFile.Multi.Generic (1)
21:20:36.0075 4056  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:20:36.0122 4056  sr - ok
21:20:36.0138 4056  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:20:36.0200 4056  srservice - ok
21:20:36.0200 4056  [ AE4D13B572399B206B43D65DA4D9983D ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:20:36.0232 4056  Srv - ok
21:20:36.0263 4056  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\WINDOWS\system32\DRIVERS\ssadbus.sys
21:20:36.0325 4056  ssadbus - ok
21:20:36.0325 4056  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
21:20:36.0357 4056  ssadmdfl - ok
21:20:36.0388 4056  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
21:20:36.0404 4056  ssadmdm - ok
21:20:36.0419 4056  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
21:20:36.0450 4056  ssadserd - ok
21:20:36.0466 4056  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:20:36.0513 4056  SSDPSRV - ok
21:20:36.0544 4056  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:20:36.0669 4056  stisvc - ok
21:20:36.0685 4056  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:20:36.0794 4056  swenum - ok
21:20:36.0825 4056  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:20:36.0935 4056  swmidi - ok
21:20:36.0935 4056  SwPrv - ok
21:20:36.0950 4056  symc810 - ok
21:20:36.0966 4056  symc8xx - ok
21:20:36.0966 4056  sym_hi - ok
21:20:36.0982 4056  sym_u3 - ok
21:20:36.0982 4056  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:20:37.0122 4056  sysaudio - ok
21:20:37.0154 4056  [ 3F24C0F0FD43473CB3F7D0CFBC52CB09 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:20:37.0154 4056  SysmonLog ( UnsignedFile.Multi.Generic ) - warning
21:20:37.0154 4056  SysmonLog - detected UnsignedFile.Multi.Generic (1)
21:20:37.0169 4056  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
21:20:37.0185 4056  taphss - ok
21:20:37.0200 4056  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:20:37.0325 4056  TapiSrv - ok
21:20:37.0341 4056  [ AD978A1B783B5719720CFF204B666C8E ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:20:37.0357 4056  Tcpip - ok
21:20:37.0388 4056  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:20:37.0513 4056  TDPIPE - ok
21:20:37.0513 4056  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:20:37.0654 4056  TDTCP - ok
21:20:37.0669 4056  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:20:37.0779 4056  TermDD - ok
21:20:37.0810 4056  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
21:20:37.0950 4056  TermService - ok
21:20:37.0966 4056  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:20:38.0091 4056  Themes - ok
21:20:38.0154 4056  [ 71D19BEBF030EBEC0419C2D279A79DF7 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
21:20:38.0154 4056  TlntSvr ( UnsignedFile.Multi.Generic ) - warning
21:20:38.0154 4056  TlntSvr - detected UnsignedFile.Multi.Generic (1)
21:20:38.0169 4056  TosIde - ok
21:20:38.0185 4056  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:20:38.0294 4056  TrkWks - ok
21:20:38.0310 4056  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:20:38.0450 4056  Udfs - ok
21:20:38.0450 4056  ultra - ok
21:20:38.0497 4056  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:20:38.0607 4056  Update - ok
21:20:38.0638 4056  [ 524A28CB03BE8C9AFB9A8CB7B12CC367 ] UPHClean        C:\Program Files\UPHClean\uphclean.exe
21:20:38.0638 4056  UPHClean ( UnsignedFile.Multi.Generic ) - warning
21:20:38.0638 4056  UPHClean - detected UnsignedFile.Multi.Generic (1)
21:20:38.0669 4056  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:20:38.0716 4056  upnphost - ok
21:20:38.0747 4056  [ B20C9ABED7EE372E67CE18CCFACEC741 ] UPS             C:\WINDOWS\System32\ups.exe
21:20:38.0747 4056  UPS ( UnsignedFile.Multi.Generic ) - warning
21:20:38.0747 4056  UPS - detected UnsignedFile.Multi.Generic (1)
21:20:38.0763 4056  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:20:38.0888 4056  usbccgp - ok
21:20:38.0919 4056  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:20:39.0029 4056  usbehci - ok
21:20:39.0044 4056  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:20:39.0169 4056  usbhub - ok
21:20:39.0200 4056  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:20:39.0325 4056  USBSTOR - ok
21:20:39.0325 4056  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:20:39.0466 4056  usbuhci - ok
21:20:39.0482 4056  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:20:39.0607 4056  VgaSave - ok
21:20:39.0622 4056  ViaIde - ok
21:20:39.0638 4056  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:20:39.0747 4056  VolSnap - ok
21:20:39.0794 4056  [ 89CBBEA7ACC8DE6FA3437D08702F9B36 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:20:39.0794 4056  VSS ( UnsignedFile.Multi.Generic ) - warning
21:20:39.0794 4056  VSS - detected UnsignedFile.Multi.Generic (1)
21:20:39.0810 4056  [ F1C4D960C707610EB33B7473DB0181DC ] W32Time         C:\WINDOWS\system32\w32time.dll
21:20:39.0825 4056  W32Time - ok
21:20:39.0841 4056  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:20:39.0966 4056  Wanarp - ok
21:20:39.0966 4056  WDICA - ok
21:20:39.0982 4056  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:40.0122 4056  wdmaud - ok
21:20:40.0138 4056  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:20:40.0263 4056  WebClient - ok
21:20:40.0325 4056  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:20:40.0435 4056  winmgmt - ok
21:20:40.0466 4056  [ 657C5F66BA4DD42079E205FD00FC2422 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
21:20:40.0513 4056  WinRM - ok
21:20:40.0544 4056  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
21:20:40.0591 4056  WmdmPmSN - ok
21:20:40.0607 4056  [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi             C:\WINDOWS\System32\advapi32.dll
21:20:40.0716 4056  Wmi - ok
21:20:40.0779 4056  [ 3D61E595F1C137765589BAFF0C4E757C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:20:40.0794 4056  WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
21:20:40.0794 4056  WmiApSrv - detected UnsignedFile.Multi.Generic (1)
21:20:40.0841 4056  [ D48801AC032F4C0C1461E2B7707C7CDB ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
21:20:40.0872 4056  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
21:20:40.0872 4056  WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
21:20:40.0904 4056  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:20:41.0013 4056  wscsvc - ok
21:20:41.0029 4056  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:20:41.0138 4056  wuauserv - ok
21:20:41.0154 4056  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:20:41.0185 4056  WudfPf - ok
21:20:41.0185 4056  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:20:41.0200 4056  WudfRd - ok
21:20:41.0216 4056  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:20:41.0232 4056  WudfSvc - ok
21:20:41.0247 4056  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:20:41.0372 4056  WZCSVC - ok
21:20:41.0388 4056  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:20:41.0529 4056  xmlprov - ok
21:20:41.0529 4056  ================ Scan global ===============================
21:20:41.0560 4056  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:20:41.0575 4056  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
21:20:41.0591 4056  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
21:20:41.0607 4056  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
21:20:41.0607 4056  [Global] - ok
21:20:41.0607 4056  ================ Scan MBR ==================================
21:20:41.0622 4056  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:20:41.0857 4056  \Device\Harddisk0\DR0 - ok
21:20:41.0857 4056  ================ Scan VBR ==================================
21:20:41.0857 4056  [ C38FFCAECA4B2702F0A31AFCB71E62B4 ] \Device\Harddisk0\DR0\Partition1
21:20:41.0872 4056  \Device\Harddisk0\DR0\Partition1 - ok
21:20:41.0872 4056  [ 66B42A0B3268CAF5B6427A4C4A5FED64 ] \Device\Harddisk0\DR0\Partition2
21:20:41.0872 4056  \Device\Harddisk0\DR0\Partition2 - ok
21:20:41.0904 4056  [ 52BF15EC2E62EA749A9CB508BC8FAA88 ] \Device\Harddisk0\DR0\Partition3
21:20:41.0904 4056  \Device\Harddisk0\DR0\Partition3 - ok
21:20:41.0919 4056  [ 0F09D6B89084948A7E1A50D4C456E960 ] \Device\Harddisk0\DR0\Partition4
21:20:41.0919 4056  \Device\Harddisk0\DR0\Partition4 - ok
21:20:41.0935 4056  [ 5AE17B2E7EE05E7D7ADA731468BEBD9E ] \Device\Harddisk0\DR0\Partition5
21:20:41.0935 4056  \Device\Harddisk0\DR0\Partition5 - ok
21:20:41.0950 4056  [ ABED24824F2A18686A38CBCCA97859A1 ] \Device\Harddisk0\DR0\Partition6
21:20:41.0966 4056  \Device\Harddisk0\DR0\Partition6 - ok
21:20:41.0966 4056  ============================================================
21:20:41.0966 4056  Scan finished
21:20:41.0966 4056  ============================================================
21:20:42.0091 2144  Detected object count: 28
21:20:42.0091 2144  Actual detected object count: 28
21:21:01.0904 2144  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0904 2144  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0904 2144  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0904 2144  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0904 2144  CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0904 2144  CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  ExpatTrayService ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  ExpatTrayService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0919 2144  JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0919 2144  JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  MozillaMaintenance ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  MozillaMaintenance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0935 2144  RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0935 2144  RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  UPS ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  VSS ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0950 2144  WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0950 2144  WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:01.0966 2144  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:01.0966 2144  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:04.0685 2424  Deinitialize success

OTL gave me two logs but you said it would give me only one log. Maybe I'm doing something wrong. I'll post them if you want but they look similar to the last ones I think.

I can't access the site you mentioned in your last post either. I even used a VPN but nothing. Do you think it might be that I'm using Firefox?

About Spyware Cease, well, I was searching for how to remove win32.vitro and some site suggested that this one might solve the problem, which it didn't. I will remove it I guess.

Edited by Nimation, 30 July 2013 - 11:18 AM.


#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Post the OTL log. It may look the same but it has new stuff at the bottom.

See if you can get this one:

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and save it, then run it. It should reboot when it finishes. If it doesn't, please do so.


Start, Run, cmd , OK to bring up a command window. Type (with an Enter after each line):

net  start  rpcss  >  \junk.txt

net  start  >>  \junk.txt

notepad  \junk.txt

(I use two spaces in the code box so you can be sure to see where one space goes.)


Try running Firefox in Safe Mode:

At the top of the Firefox window, click the Firefox button, go over to the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog.
Note: You can also start Firefox in Safe Mode by holding down the shift key while starting Firefox.

Click on Start in Safe mode.

If that doesn't work then it's probably something outside your computer.

#7
Nimation

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here's OTL log:
OTL logfile created on: 2013/07/30 09:12:10 ب.ظ - Run 3
OTL by OldTimer - Version 3.2.70.2     Folder = C:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000429 | Country: Iran | Language: FAR | Date Format: yyyy/MM/dd
 
2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.33% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.53 Gb Free Space | 48.79% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 8.87 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive E: | 98.64 Gb Total Space | 5.57 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive F: | 98.64 Gb Total Space | 27.48 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
Drive G: | 98.64 Gb Total Space | 9.66 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive H: | 101.48 Gb Total Space | 0.85 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ARYANCD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/07/30 06:52:47 | 000,628,736 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL_3.exe
PRC - [2013/07/21 19:24:45 | 003,612,240 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/07/14 02:57:02 | 000,339,416 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/18 18:51:12 | 001,098,200 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/12 18:14:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/01/18 01:50:26 | 000,653,640 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpntray.exe
PRC - [2012/01/18 01:45:44 | 000,331,608 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpnas.exe
PRC - [2012/01/18 01:44:42 | 000,777,694 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpn.exe
PRC - [2012/01/05 03:32:10 | 001,051,092 | ---- | M] () -- C:\Program Files\Expat Shield\bin\fbw.exe
PRC - [2012/01/05 03:32:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
PRC - [2012/01/05 03:31:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
PRC - [2010/02/28 00:32:06 | 000,443,356 | ---- | M] (BWMONITOR.COM) -- C:\Program Files\BandwidthMonitor\BWMonitor.exe
PRC - [2008/04/14 16:30:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,447,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/07/30 20:45:28 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\vma18.tmp
MOD - [2013/07/30 20:35:46 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\wqa5.tmp
MOD - [2013/07/30 20:35:46 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\lqa6.tmp
MOD - [2013/07/30 20:35:46 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\eqa3.tmp
MOD - [2013/07/30 20:35:36 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\tma1.tmp
MOD - [2013/07/21 23:41:31 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Temp\cxc1AA.tmp
MOD - [2013/06/18 18:51:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/18 01:51:26 | 000,009,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\lang\gui-eng.dll
MOD - [2012/01/18 01:50:26 | 000,653,640 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpntray.exe
MOD - [2012/01/18 01:45:44 | 000,331,608 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpnas.exe
MOD - [2012/01/18 01:44:42 | 000,777,694 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpn.exe
MOD - [2012/01/05 03:32:10 | 001,051,092 | ---- | M] () -- C:\Program Files\Expat Shield\bin\fbw.exe
MOD - [2012/01/05 03:32:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
MOD - [2009/11/18 23:51:46 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009/03/30 07:04:30 | 000,280,143 | ---- | M] () -- C:\Program Files\Expat Shield\bin\libidn-11.dll
MOD - [2009/03/28 00:32:24 | 000,332,254 | ---- | M] () -- C:\Program Files\Expat Shield\bin\libssl32.dll
MOD - [2009/03/28 00:32:22 | 001,554,920 | ---- | M] () -- C:\Program Files\Expat Shield\bin\libeay32.dll
MOD - [2009/02/12 02:00:02 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\yygeym.exe -- (ncbxcoksfz)
SRV - [2013/07/14 02:57:02 | 000,339,416 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/18 18:51:21 | 000,294,872 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 01:52:02 | 000,255,452 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
SRV - [2012/01/18 01:45:44 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012/01/05 03:32:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/05 03:31:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2005/04/27 14:59:24 | 000,447,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/06/27 14:27:42 | 000,118,344 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2012/01/05 03:31:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/14 01:16:38 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006/08/14 02:39:00 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004/08/13 07:26:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2013/07/21 19:24:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2013/07/21 19:24:20 | 000,000,000 | ---D | M]
 
[2013/07/14 02:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/07/28 03:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9iw30a3g.default\extensions
[2013/07/14 03:13:37 | 000,350,663 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9iw30a3g.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/28 03:46:18 | 000,824,431 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9iw30a3g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/17 16:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/17 16:05:46 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/14 02:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/14 02:42:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/21 19:24:20 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\IDM\IDMMZCC5
 
========== Chrome ==========
 
CHR - Extension: saaFe  saave = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmofclbgcldhlneeekegkmandcnjhcig\1\
 
O1 HOSTS File: ([2013/07/30 20:35:36 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [SCHelper.exe] C:\Program Files\Spyware Cease 2011\SCHelper.exe (QW Computer)
O4 - HKLM..\Run: [SpywareCease2011.exe] C:\Program Files\Spyware Cease 2011\SpywareCease2011.exe (QW Computer)
O4 - HKCU..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe (BWMONITOR.COM)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F06DD4D-DCA9-430B-924D-9A1D2A454F6E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63116FA5-BAF8-491B-BD9E-69A2F9D53012}: DhcpNameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/14 01:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/28 13:53:54 | 000,000,051 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8e9db5f5-ec21-11e2-9e2b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8e9db5f5-ec21-11e2-9e2b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e9db5f5-ec21-11e2-9e2b-806d6172696f}\Shell\AutoRun\command - "" = I:\WinXP2009.exe -- [2008/12/28 13:53:54 | 001,126,076 | R--- | M] (Aryan)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/30 05:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease 2011
[2013/07/30 05:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Cease 2011
[2013/07/27 16:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PS3 Tools
[2013/07/27 16:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\NPDRM GUI Tools
[2013/07/26 21:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Halfbrick
[2013/07/26 21:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Intel
[2013/07/26 21:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Fruit Ninja HD
[2013/07/26 21:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fruit Ninja HD
[2013/07/25 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Stella
[2013/07/24 18:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\ps3tools
[2013/07/22 16:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.vfsjfilechooser
[2013/07/21 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2013/07/20 21:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Cool Reader
[2013/07/20 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\cr3
[2013/07/17 16:06:20 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2013/07/17 16:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Expat Shield
[2013/07/17 16:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2013/07/17 08:11:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/07/17 08:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/07/17 08:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/07/16 11:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MAMEUIFX32
[2013/07/16 09:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2013/07/16 03:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Tools
[2013/07/14 13:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ps3psarc
[2013/07/14 06:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/14 06:04:39 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2013/07/14 06:04:39 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2013/07/14 06:04:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2013/07/14 06:04:38 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2013/07/14 06:02:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2013/07/14 06:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/14 05:59:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/07/14 05:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/07/14 05:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2013/07/14 05:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2013/07/14 05:59:17 | 000,000,000 | R--D | C] -- C:\Program Files
[2013/07/14 05:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/07/14 05:59:13 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2013/07/14 05:59:12 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgeo.dll
[2013/07/14 05:59:12 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdarmw.dll
[2013/07/14 05:59:12 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdarme.dll
[2013/07/14 05:59:10 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinpun.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdintel.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmar.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinkan.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinhin.dll
[2013/07/14 05:59:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinguj.dll
[2013/07/14 05:59:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2013/07/14 05:59:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdvntc.dll
[2013/07/14 05:59:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdintam.dll
[2013/07/14 05:59:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdindev.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdurdu.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsyr2.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsyr1.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfa.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddiv2.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddiv1.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda3.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda2.dll
[2013/07/14 05:59:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda1.dll
[2013/07/14 05:59:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2013/07/14 05:58:58 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdheb.dll
[2013/07/14 05:58:48 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth3.dll
[2013/07/14 05:58:47 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth2.dll
[2013/07/14 05:58:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2013/07/14 05:58:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth1.dll
[2013/07/14 05:58:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth0.dll
[2013/07/14 05:58:42 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2013/07/14 05:58:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2013/07/14 05:58:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2013/07/14 05:58:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2013/07/14 05:58:34 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2013/07/14 05:58:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2013/07/14 05:58:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2013/07/14 05:58:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2013/07/14 05:58:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2013/07/14 05:58:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2013/07/14 05:58:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2013/07/14 05:58:32 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2013/07/14 05:58:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2013/07/14 05:58:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2013/07/14 05:58:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2013/07/14 05:58:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2013/07/14 05:58:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2013/07/14 05:58:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2013/07/14 05:58:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2013/07/14 05:58:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2013/07/14 05:58:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2013/07/14 05:58:28 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2013/07/14 05:58:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2013/07/14 05:58:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2013/07/14 05:58:18 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2013/07/14 05:58:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2013/07/14 05:58:17 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2013/07/14 05:58:17 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2013/07/14 05:58:17 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2013/07/14 05:58:17 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2013/07/14 05:58:16 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2013/07/14 05:58:16 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2013/07/14 05:58:16 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2013/07/14 05:58:16 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2013/07/14 05:58:16 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2013/07/14 05:58:16 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2013/07/14 05:58:15 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2013/07/14 05:58:15 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2013/07/14 05:58:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2013/07/14 05:58:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2013/07/14 05:58:15 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2013/07/14 05:58:15 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2013/07/14 05:58:14 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2013/07/14 05:58:14 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2013/07/14 05:58:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2013/07/14 05:58:14 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2013/07/14 05:58:14 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2013/07/14 05:58:14 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2013/07/14 05:58:13 | 000,220,124 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2013/07/14 05:58:13 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2013/07/14 05:58:13 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2013/07/14 05:58:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2013/07/14 05:58:12 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2013/07/14 05:58:12 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2013/07/14 05:58:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2013/07/14 05:57:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/07/14 05:57:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2013/07/14 05:57:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2013/07/14 05:57:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2013/07/14 05:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2013/07/14 05:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2013/07/14 05:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/07/14 05:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2013/07/14 05:55:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013/07/14 05:55:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/07/14 05:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2013/07/14 05:52:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/14 05:42:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2013/07/14 05:42:35 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2013/07/14 05:42:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2013/07/14 05:42:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2013/07/14 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2013/07/14 04:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Warlords Battlecry III
[2013/07/14 04:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2013/07/14 04:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LDW
[2013/07/14 04:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Deer Drive
[2013/07/14 04:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Farmington Tales
[2013/07/14 04:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ViquaSoft
[2013/07/14 04:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\URSE Games
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ManifestoGames
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GameHouse
[2013/07/14 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EA
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Chicken Chase
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AlawarEntertainment
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2013/07/14 04:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\1morebee
[2013/07/14 04:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
[2013/07/14 04:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\PlayfulAge
[2013/07/14 04:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2013/07/14 04:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/07/14 04:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OrganicCoffee
[2013/07/14 04:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2013/07/14 04:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2013/07/14 04:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2013/07/14 03:56:17 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01005.dll
[2013/07/14 03:56:17 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01005.dll
[2013/07/14 03:56:17 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdm.sys
[2013/07/14 03:56:17 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2013/07/14 03:56:17 | 000,114,280 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadserd.sys
[2013/07/14 03:56:17 | 000,030,312 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\ssadadb.sys
[2013/07/14 03:56:17 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys
[2013/07/14 03:56:17 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcmnt.sys
[2013/07/14 03:56:17 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcm.sys
[2013/07/14 03:56:17 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2013/07/14 03:56:17 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys
[2013/07/14 03:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/07/14 03:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\saaFe  saave
[2013/07/14 03:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/07/14 03:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/07/14 03:26:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/14 03:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2013/07/14 03:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BWMonitor
[2013/07/14 02:58:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013/07/14 02:58:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013/07/14 02:58:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013/07/14 02:58:50 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013/07/14 02:58:50 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013/07/14 02:58:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013/07/14 02:58:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2013/07/14 02:58:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2013/07/14 02:58:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013/07/14 02:58:49 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2013/07/14 02:58:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2013/07/14 02:58:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2013/07/14 02:58:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2013/07/14 02:58:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2013/07/14 02:58:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2013/07/14 02:58:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2013/07/14 02:58:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2013/07/14 02:58:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2013/07/14 02:58:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2013/07/14 02:58:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2013/07/14 02:58:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2013/07/14 02:58:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2013/07/14 02:58:45 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2013/07/14 02:58:45 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2013/07/14 02:58:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2013/07/14 02:58:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2013/07/14 02:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2013/07/14 02:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2013/07/14 02:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/07/14 02:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/14 02:57:19 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/14 02:57:19 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/14 02:57:19 | 000,424,414 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/14 02:57:19 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/14 02:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\BandwidthMonitor
[2013/07/14 02:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bandwidth Monitor
[2013/07/14 02:57:08 | 000,351,706 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/14 02:57:08 | 000,351,704 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/14 02:57:08 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/14 02:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraISO
[2013/07/14 02:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2013/07/14 02:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ISO Files
[2013/07/14 02:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/07/14 02:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/07/14 02:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2013/07/14 02:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager
[2013/07/14 02:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2013/07/14 02:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2013/07/14 02:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2013/07/14 02:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2013/07/14 02:48:58 | 000,000,000 | ---D | C] -- C:\downloads
[2013/07/14 02:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2013/07/14 02:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2013/07/14 02:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2013/07/14 02:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/07/14 02:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/07/14 02:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/07/14 02:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/07/14 02:43:37 | 000,869,850 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/14 02:43:37 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/14 02:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/07/14 02:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/07/14 02:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/14 02:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/14 02:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/14 02:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PANDORATV
[2013/07/14 02:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\The KMPlayer
[2013/07/14 02:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2013/07/14 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/07/14 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2013/07/14 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2013/07/14 02:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/07/14 02:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Wocarson
[2013/07/14 02:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Mini Games
[2013/07/14 02:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/07/14 02:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2013/07/14 02:32:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/07/14 02:31:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/07/14 02:31:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2013/07/14 02:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Realtek
[2013/07/14 02:29:31 | 000,083,200 | R--- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2013/07/14 02:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/07/14 02:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2013/07/14 02:29:22 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/07/14 02:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/07/14 02:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/07/14 02:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/07/14 02:23:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2013/07/14 02:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/14 02:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/07/14 02:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/07/14 02:21:29 | 013,602,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/07/14 02:21:29 | 011,374,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/07/14 02:21:29 | 004,038,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/07/14 02:21:29 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/07/14 02:21:29 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/07/14 02:21:29 | 001,056,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/07/14 02:21:29 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2013/07/14 02:21:29 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2013/07/14 02:21:29 | 000,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/07/14 02:21:21 | 006,282,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013/07/14 02:21:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/07/14 02:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/07/14 02:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/07/14 02:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/07/14 02:16:04 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/07/14 02:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/07/14 02:15:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/07/14 02:15:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/07/14 02:15:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/07/14 02:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2013/07/14 02:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/07/14 02:15:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/07/14 02:15:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/07/14 02:15:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/07/14 02:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/07/14 02:15:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/07/14 02:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\GSpot
[2013/07/14 02:13:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2013/07/14 02:13:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2013/07/14 02:10:00 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2013/07/14 02:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2013/07/14 02:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Utilities
[2013/07/14 02:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2013/07/14 02:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/07/14 02:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/07/14 02:05:58 | 000,339,922 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmanhttpconfig.exe
[2013/07/14 02:05:58 | 000,242,138 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrs.exe
[2013/07/14 02:05:58 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmres.dll
[2013/07/14 02:05:58 | 000,223,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrshost.exe
[2013/07/14 02:05:58 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrsmgr.dll
[2013/07/14 02:05:58 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmwmipl.dll
[2013/07/14 02:05:58 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrscmd.dll
[2013/07/14 02:05:58 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmauto.dll
[2013/07/14 02:05:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wevtfwd.dll
[2013/07/14 02:05:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmprov.dll
[2013/07/14 02:05:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrssrv.dll
[2013/07/14 02:05:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsmcl.dll
[2013/07/14 02:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal Viewer
[2013/07/14 02:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2013/07/14 02:05:35 | 001,379,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013/07/14 02:05:21 | 001,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2013/07/14 01:59:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2013/07/14 01:59:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2013/07/14 01:59:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/07/14 01:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/07/14 01:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/07/14 01:59:14 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/07/14 01:59:10 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/07/14 01:59:09 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013/07/14 01:59:09 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013/07/14 01:59:09 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/07/14 01:59:06 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013/07/14 01:59:03 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/07/14 01:57:49 | 000,222,678 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qchain.exe
[2013/07/14 01:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\GSpot
[2013/07/14 01:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2013/07/14 01:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime Alternative
[2013/07/14 01:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/07/14 01:54:43 | 000,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013/07/14 01:54:43 | 000,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2013/07/14 01:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013/07/14 01:54:22 | 000,410,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2013/07/14 01:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/14 01:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/07/14 01:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/07/14 01:53:02 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2013/07/14 01:53:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2013/07/14 01:53:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2013/07/14 01:53:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2013/07/14 01:53:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_9.dll
[2013/07/14 01:53:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_8.dll
[2013/07/14 01:53:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_2.dll
[2013/07/14 01:53:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_1.dll
[2013/07/14 01:53:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_0.dll
[2013/07/14 01:53:02 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine3_3.dll
[2013/07/14 01:53:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput1_3.dll
[2013/07/14 01:53:02 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2013/07/14 01:53:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2013/07/14 01:53:02 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2013/07/14 01:53:02 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput1_2.dll
[2013/07/14 01:53:02 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput1_1.dll
[2013/07/14 01:53:02 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XInput9_1_0.dll
[2013/07/14 01:53:01 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2013/07/14 01:53:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_39.dll
[2013/07/14 01:53:01 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_10.dll
[2013/07/14 01:53:01 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_7.dll
[2013/07/14 01:53:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_6.dll
[2013/07/14 01:53:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_5.dll
[2013/07/14 01:53:01 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_4.dll
[2013/07/14 01:53:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_3.dll
[2013/07/14 01:53:01 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_2.dll
[2013/07/14 01:53:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_0.dll
[2013/07/14 01:53:01 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngine2_1.dll
[2013/07/14 01:53:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2013/07/14 01:53:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2013/07/14 01:53:01 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2013/07/14 01:53:01 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2013/07/14 01:53:01 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2013/07/14 01:53:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_0.dll
[2013/07/14 01:53:00 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_38.dll
[2013/07/14 01:53:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll
[2013/07/14 01:53:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2013/07/14 01:53:00 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2013/07/14 01:52:59 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2013/07/14 01:52:59 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2013/07/14 01:52:59 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2013/07/14 01:52:59 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2013/07/14 01:52:59 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2013/07/14 01:52:58 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2013/07/14 01:52:58 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2013/07/14 01:52:58 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2013/07/14 01:52:58 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2013/07/14 01:52:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2013/07/14 01:52:58 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2013/07/14 01:52:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2013/07/14 01:52:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2013/07/14 01:52:58 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2013/07/14 01:52:58 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2013/07/14 01:52:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2013/07/14 01:52:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2013/07/14 01:52:57 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2013/07/14 01:52:57 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2013/07/14 01:52:57 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2013/07/14 01:52:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2013/07/14 01:52:57 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2013/07/14 01:52:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2013/07/14 01:52:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2013/07/14 01:52:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2013/07/14 01:52:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2013/07/14 01:52:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2013/07/14 01:52:57 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll
[2013/07/14 01:52:30 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/14 01:52:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2013/07/14 01:52:30 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/14 01:52:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/14 01:52:29 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2013/07/14 01:52:29 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2013/07/14 01:52:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2013/07/14 01:52:29 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2013/07/14 01:52:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/14 01:52:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/14 01:52:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/14 01:52:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2013/07/14 01:52:28 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/14 01:52:28 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/14 01:52:28 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2013/07/14 01:52:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2013/07/14 01:52:28 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/14 01:52:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2013/07/14 01:52:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2013/07/14 01:52:27 | 002,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2013/07/14 01:52:27 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2013/07/14 01:52:27 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/14 01:52:27 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2013/07/14 01:52:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2013/07/14 01:52:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2013/07/14 01:52:27 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2013/07/14 01:52:26 | 001,831,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/14 01:52:26 | 001,159,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/14 01:52:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/14 01:52:25 | 006,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/14 01:52:25 | 000,635,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2013/07/14 01:51:55 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/14 01:51:42 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2013/07/14 01:51:42 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2013/07/14 01:51:42 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2013/07/14 01:51:42 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2013/07/14 01:51:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2013/07/14 01:51:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/07/14 01:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/07/14 01:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/07/14 01:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2013/07/14 01:50:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013/07/14 01:50:14 | 000,204,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2013/07/14 01:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/07/14 01:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE

< End of report >

I ran Firefox in safe mode, still the same, so I guess that's not the problem.
Couldn't download the file either. Sorry about all the trouble.

EDIT:
Hey, I think I submitted one of the infected files to virscan.org (this one apparently worked) and many of the virus scanners said that the virus is Win32/Parite (Win32.Parite.B). I hope this helps.

Edited by Nimation, 30 July 2013 - 01:14 PM.

  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
There are several removal tools available for Win32/Parite.

Let's see if that is what we have.



Copy the next two lines:

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /s > \junk.txt
notepad \junk.txt

Start, Run, cmd, OK

Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter if Notepad does not open automatically.

What we are looking for is PINF. You can click on Edit, Find then put in PINF and see if it finds anything. If it's there, copy and paste the text into a reply.

I don't suppose you can download and burn a copy of Hiren's Boot CD?

http://www.hirensboo...BootCD.15.2.zip

Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ )
That way if it won't boot after a fix we can get in and try to patch it.

Then try one of the following tools:

http://free.avg.com/...ve-win32-parite

http://www.bitdefend...rite-A-B-C.html

If that is what you have, then the answer to your original question about whether other .exe files are infected is yes.
  • 0

#9
Nimation

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I don't know how much of it I should paste here, but I think this must be enough:
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    WebFindBandHook	REG_SZ	{68F2D3FC-8366-4a46-8224-58EFA2749425}
    FileFindBandHook	REG_SZ	{FFAC7A18-EDF9-40de-BA3F-49FC2269855E}
    Logon User Name	REG_SZ	Administrator
    ShellState	REG_BINARY	2400000030280000000000000000000000000000010000000D0000000000000002000000
    CleanShutdown	REG_DWORD	0x0
    FaultCount	REG_DWORD	0x0
    FaultTime	REG_DWORD	0x0
    IconUnderline	REG_NONE	03000000
    EnableAutoTray	REG_DWORD	0x0
    link	REG_BINARY	1E000000
    SearchResultShowingB	REG_BINARY	D6881728B4E6881B2BEAEB1526E35831942E3529C033A3B244B7FF7538AFD24B94F117AB783380B0E609F327E23C0000FF9B389FDC2D000062AE2487
    SearchSystemDirs	REG_DWORD	0x1
    SearchHidden	REG_DWORD	0x1
    IncludeSubFolders	REG_DWORD	0x1
    CaseSensitive	REG_DWORD	0x0
    SearchSlowFiles	REG_DWORD	0x0
    Browse For Folder Width	REG_DWORD	0x13e
    Browse For Folder Height	REG_DWORD	0x120
    PINF	REG_BINARY	0700433A5C444F43554D457E315C41444D494E497E315C4C4F43414C537E315C54656D705C677562372E746D7000

Lol, I can download that one, but unfortunately I'm all out of blank CDs.
I'll give those tools a try, but one more thing: I checked explorer.exe and it says it's infected with Win32/Virut and not Parite. What should I do?

Edited by Nimation, 30 July 2013 - 03:23 PM.

  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Definitely Parite from the PINF entry.

Once you run the tools you can delete the PINF entry:
Copy the following line:

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer /v PINF

Start, Run, cmd, OK then right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.



Unfortunately one infection does not rule out another. It actually makes a second infection more likely. Usually we consider Virut a death sentence. Time to wipe the drive, kill all partitions and reinstall from scratch. Do not reuse any .exe, .scr or .bat files from an infected computer.

I have seen two cases where it was removed by running a scan from an AVG rescue disk. http://www.geekstogo...ystem-tutorial/ By booting off a CD you can scan and remove the infection before Windows loads. After Windows loads it's impossible to do much since the virus controls Windows. Unfortunately I doubt that either of the cases had such a widespread infection. If you decide to try that you should have the CD made on a clean PC. Yours is so infected that I would not trust it to make a CD.
  • 0
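The PINF check from posts #8 to #10, as an added example (not code from the thread): this Python reads saved `reg query` output such as `\junk.txt`, looks for a `PINF` value under the Explorer key, and pulls any readable strings out of its REG_BINARY data. The first sample is an excerpt of the output posted in #9, the second is constructed; the function names are my own, and since the thread does not document the layout of the value, the code only extracts printable runs rather than interpreting the other bytes.

```python
import re

# Excerpt of the `reg query ... /s` output posted in #9 (reg.exe 3.0 puts tabs
# between value name, type and data).
SAMPLE_FROM_THREAD = (
    "! REG.EXE VERSION 3.0\n\n"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\n"
    "    Logon User Name\tREG_SZ\tAdministrator\n"
    "    link\tREG_BINARY\t1E000000\n"
    "    Browse For Folder Width\tREG_DWORD\t0x13e\n"
    "    PINF\tREG_BINARY\t0700433A5C444F43554D457E315C41444D494E497E315C"
    "4C4F43414C537E315C54656D705C677562372E746D7000\n"
)

# Constructed sample without the marker, using the space-separated layout that
# later reg.exe versions print.
CONSTRUCTED_CLEAN = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\n"
    "    Browse For Folder Width    REG_DWORD    0x13e\n"
    "    link    REG_BINARY    1E000000\n"
)

EXPLORER_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"

# Value names may contain single spaces ("Logon User Name"), so fields are
# split only on tabs or on runs of two or more spaces.
VALUE_RE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t+| {2,})(?P<type>REG_[A-Z_]+)"
    r"(?:(?:\t+| {2,})(?P<data>.*))?$"
)
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def parse_reg_query(text):
    """Return [(key, value_name, value_type, data_string), ...]."""
    rows, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            rows.append((key, m["name"], m["type"], m["data"] or ""))
    return rows


def ascii_runs(blob):
    """Printable ASCII runs of four or more bytes inside a binary value."""
    return [run.decode("ascii") for run in PRINTABLE_RUN.findall(blob)]


def find_pinf(text):
    """Report every PINF value stored directly under the Explorer key."""
    findings = []
    for key, name, vtype, data in parse_reg_query(text):
        if name.upper() != "PINF" or key.upper() != EXPLORER_KEY.upper():
            continue
        try:
            blob = bytes.fromhex(data) if vtype == "REG_BINARY" else data.encode("ascii", "replace")
        except ValueError:
            blob = b""  # truncated or non-hex data: still report that the value exists
        findings.append({
            "key": key,
            "type": vtype,
            "size": len(blob),
            "strings": ascii_runs(blob),
        })
    return findings


if __name__ == "__main__":
    for label, text in (("thread", SAMPLE_FROM_THREAD), ("clean", CONSTRUCTED_CLEAN)):
        hits = find_pinf(text)
        if not hits:
            print(f"{label}: no PINF value under the Explorer key")
        for hit in hits:
            print(f"{label}: PINF ({hit['type']}, {hit['size']} bytes) -> {hit['strings']}")
```

For the value posted in #9 the only readable string is a path to a `.tmp` file in the Administrator profile's Temp folder, which is worth checking from a clean boot environment along with the registry value itself.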

#11
Nimation

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Well, I used the virus remover for Win32/Parite and deleted that registry entry too. Things run much smoother now, but I still doubt it's fully gone.
About Virut, I'll do the last straw and see if that AVG rescue works. If not, I'll be backing up my files then. Thanks for everything Ron, much appreciated.
  • 0





