
Arestocrat - can't start in safe mode [Closed]


  • This topic is locked

#1
ericthefish

  • Member
  • 10 posts
Hello - I have a Dell laptop running XP Professional that is infected with Arestocrat (DOJ). I can't start the machine in safe mode; it starts to boot, then stops with a blue screen and this error:

***STOP: 0x0000007B (0xF78A6524,0xC0000034,0x00000000,0x00000000)

I've tried Hitman Pro Kickstart, and am unable to boot from the USB drive - Kickstart returns "Couldn't open drive multi(0)disk(0)rdisk(0)partition(2)"

I have tried to restart using an XP recovery disk, but never was able to initiate the recovery console. Wound up installing a second instance of XP, which will boot the machine but with very limited capability. AV scans using the second OS don't seem to be able to act on the original.

At this point I can't even download or run OLT or other tools with that machine.

Any suggestions appreciated.

Thanks!


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's see if we can get this to run

  • Download OTLPE from either location and save it to your desktop:

    http://oldtimer.geek...om/OTLPEStd.exe
    http://ottools.noahd...et/OTLPEStd.exe
  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPE Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click [button image] to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note: For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press "OK"
  • OTL should now start.
  • Push [button image]
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your next reply.

Gringo

#3
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4
ericthefish

  • Topic Starter
  • Member
  • 10 posts
Hello Gringo,

Sorry for the delay. Yes, I still need help with this. I had searched around this forum and actually got the OTLPE running on the machine the other day. I ran a scan but it seems only to recognize the newer installation of XP, not the infected one. The original OS is XP Professional. The one I added was from a "Media Center Edition" I have on my desktop. Scan seems only to see the Media Center edition.

Thanks for hanging in there.

Eric


Here is the output from OTL.txt:

OTL logfile created on: 8/23/2013 7:05:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 82.53% Memory free
3.84 Gb Paging File | 3.65 Gb Available in Paging File | 95.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS\NEW | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 10.37 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive D: | 248.08 Mb Total Space | 230.12 Mb Free Space | 92.76% Space Free | Partition Type: FAT32
Drive E: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ERIC-2894F89078 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/23 19:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013/04/04 11:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NEW\explorer.exe
PRC - [2004/08/10 04:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NEW\system32\wpabaln.exe


========== Modules (No Company Name) ==========

MOD - [2005/08/05 14:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\NEW\system32\sbe.dll
MOD - [2005/06/28 18:55:07 | 001,287,680 | ---- | M] () -- C:\WINDOWS\NEW\system32\quartz.dll
MOD - [2004/08/10 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\NEW\system32\devenum.dll
MOD - [2004/08/10 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\NEW\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/23 18:48:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\NEW\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[2013/08/16 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 16:54:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/08/16 16:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 16:59:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/30 06:34:27 | 000,080,184 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/03/30 06:34:30 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/10/29 07:43:38 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/10/29 07:43:50 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/10/29 07:41:52 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\NEW\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\NEW\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\NEW\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\NEW\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\NEW\system32\userinit.exe) - C:\WINDOWS\NEW\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 04:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a875e2c1-09dc-11e3-a728-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a875e2c1-09dc-11e3-a728-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a875e2c1-09dc-11e3-a728-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2004/08/10 04:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2004/08/10 04:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/20 21:47:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdarme.dll
[2013/08/20 21:47:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iscomlog.dll
[2013/08/20 21:47:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iwrps.dll
[2013/08/20 21:47:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\isapips.dll
[2013/08/20 21:47:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iprip.dll
[2013/08/20 21:46:59 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\infocomm.dll
[2013/08/20 21:46:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\infoctrs.dll
[2013/08/20 21:46:58 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imskdic.dll
[2013/08/20 21:46:58 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imskf.dll
[2013/08/20 21:46:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetin51.exe
[2013/08/20 21:46:57 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjputyc.dll
[2013/08/20 21:46:57 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjputy.exe
[2013/08/20 21:46:57 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjprw.exe
[2013/08/20 21:46:57 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imlang.dll
[2013/08/20 21:46:57 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imkrinst.exe
[2013/08/20 21:46:57 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpuex.exe
[2013/08/20 21:46:56 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpcus.dll
[2013/08/20 21:46:56 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpdct.exe
[2013/08/20 21:46:56 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpmig.exe
[2013/08/20 21:46:56 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpdsvr.exe
[2013/08/20 21:46:56 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpdct.dll
[2013/08/20 21:46:56 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpdadm.exe
[2013/08/20 21:46:55 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjp81k.dll
[2013/08/20 21:46:55 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjpcic.dll
[2013/08/20 21:46:55 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imjp81.ime
[2013/08/20 21:46:55 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imepadsv.exe
[2013/08/20 21:46:55 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imekrcic.dll
[2013/08/20 21:46:55 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imepadsm.dll
[2013/08/20 21:46:55 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imekr61.ime
[2013/08/20 21:46:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imekrmbx.dll
[2013/08/20 21:46:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\imekrmig.exe
[2013/08/20 21:46:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iische51.dll
[2013/08/20 21:46:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iislog51.dll
[2013/08/20 21:46:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisclex4.dll
[2013/08/20 21:46:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisadmin.dll
[2013/08/20 21:46:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iiscrmap.dll
[2013/08/20 21:46:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisfecnv.dll
[2013/08/20 21:46:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iissync.exe
[2013/08/20 21:46:54 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iismui.dll
[2013/08/20 21:46:50 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\hwxkor.dll
[2013/08/20 21:46:46 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\hwxcht.dll
[2013/08/20 21:46:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\httpod51.dll
[2013/08/20 21:46:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\httpmb51.dll
[2013/08/20 21:46:45 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\httpext.dll
[2013/08/20 21:46:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\hostmib.dll
[2013/08/20 21:46:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\hanjadic.dll
[2013/08/20 21:46:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\gzip.dll
[2013/08/20 21:46:42 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsst.dll
[2013/08/20 21:46:42 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsxp32.dll
[2013/08/20 21:46:42 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxstiff.dll
[2013/08/20 21:46:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxssvc.exe
[2013/08/20 21:46:42 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxst30.dll
[2013/08/20 21:46:42 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxswzrd.dll
[2013/08/20 21:46:42 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsui.dll
[2013/08/20 21:46:41 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxscomex.dll
[2013/08/20 21:46:41 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxscover.exe
[2013/08/20 21:46:41 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxscom.dll
[2013/08/20 21:46:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsevent.dll
[2013/08/20 21:46:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsroute.dll
[2013/08/20 21:46:41 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsdrv.dll
[2013/08/20 21:46:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsmon.dll
[2013/08/20 21:46:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsext32.dll
[2013/08/20 21:46:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxssend.exe
[2013/08/20 21:46:41 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsperf.dll
[2013/08/20 21:46:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsres.dll
[2013/08/20 21:46:40 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsapi.dll
[2013/08/20 21:46:40 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsclnt.exe
[2013/08/20 21:46:40 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxsclntr.dll
[2013/08/20 21:46:40 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ftpsv251.dll
[2013/08/20 21:46:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fxscfgwz.dll
[2013/08/20 21:46:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ftpctrs2.dll
[2013/08/20 21:46:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ftpmib.dll
[2013/08/20 21:46:39 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpadmdll.dll
[2013/08/20 21:46:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ftlx041e.dll
[2013/08/20 21:46:38 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpadmcgi.exe
[2013/08/20 21:46:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\flattemp.exe
[2013/08/20 21:46:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_fcachdll.dll
[2013/08/20 21:46:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\evntagnt.dll
[2013/08/20 21:46:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\evntwin.exe
[2013/08/20 21:46:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\evntcmd.exe
[2013/08/20 21:46:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\exstrace.dll
[2013/08/20 21:46:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\f3ahvoas.dll
[2013/08/20 21:46:35 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\NEW\System32\dllcache\esuimgd.dll
[2013/08/20 21:46:35 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\NEW\System32\dllcache\esunid.dll
[2013/08/20 21:46:35 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\NEW\System32\dllcache\esucmd.dll
[2013/08/20 21:46:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\et4000.sys
[2013/08/20 21:46:33 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\edb500.dll
[2013/08/20 21:46:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\dayi.ime
[2013/08/20 21:46:25 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\davcdata.exe
[2013/08/20 21:46:23 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cplexe.exe
[2013/08/20 21:46:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cprofile.exe
[2013/08/20 21:46:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\convlog.exe
[2013/08/20 21:46:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\controt.dll
[2013/08/20 21:46:22 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\counters.dll
[2013/08/20 21:46:21 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\compfilt.dll
[2013/08/20 21:46:20 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cintsetp.exe
[2013/08/20 21:46:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cintlgnt.ime
[2013/08/20 21:46:19 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chtbrkr.dll
[2013/08/20 21:46:19 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cintime.dll
[2013/08/20 21:46:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chtmbx.dll
[2013/08/20 21:46:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chtskdic.dll
[2013/08/20 21:46:18 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chsbrkr.dll
[2013/08/20 21:46:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chgport.exe
[2013/08/20 21:46:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chgusr.exe
[2013/08/20 21:46:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chglogon.exe
[2013/08/20 21:46:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\change.exe
[2013/08/20 21:46:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\chajei.ime
[2013/08/20 21:46:16 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\c_g18030.dll
[2013/08/20 21:46:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\NEW\System32\dllcache\cap7146.sys
[2013/08/20 21:46:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\c_iscii.dll
[2013/08/20 21:46:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\c_is2022.dll
[2013/08/20 21:46:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\browscap.dll
[2013/08/20 21:46:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\authfilt.dll
[2013/08/20 21:46:04 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\asp51.dll
[2013/08/20 21:46:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\asptxn.dll
[2013/08/20 21:46:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\aspperf.dll
[2013/08/20 21:46:03 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\aqueue.dll
[2013/08/20 21:46:03 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\appconf.dll
[2013/08/20 21:46:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_aqadmin.dll
[2013/08/20 21:46:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0804.dll
[2013/08/20 21:46:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0412.dll
[2013/08/20 21:46:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0411.dll
[2013/08/20 21:46:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt040d.dll
[2013/08/20 21:46:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0404.dll
[2013/08/20 21:46:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0401.dll
[2013/08/20 21:46:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\adrot.dll
[2013/08/20 21:46:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\admexs.dll
[2013/08/20 21:46:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\admxprox.dll
[2013/08/20 21:46:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_adsiisex.dll
[2013/08/20 21:45:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wamregps.dll
[2013/08/20 21:45:54 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tcptest.exe
[2013/08/20 21:45:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tcptsat.dll
[2013/08/20 21:45:53 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smtpsnap.dll
[2013/08/20 21:45:53 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smtpadm.dll
[2013/08/20 21:45:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\staxmem.dll
[2013/08/20 21:45:51 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\shtml.exe
[2013/08/20 21:45:50 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\shtml.dll
[2013/08/20 21:45:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\logui.ocx
[2013/08/20 21:45:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\isatq.dll
[2013/08/20 21:45:39 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetmgr.dll
[2013/08/20 21:45:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisui.dll
[2013/08/20 21:45:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetsloc.dll
[2013/08/20 21:45:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\infoadmn.dll
[2013/08/20 21:45:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetmgr.exe
[2013/08/20 21:45:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisrtl.dll
[2013/08/20 21:45:38 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisext51.dll
[2013/08/20 21:45:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iismap.dll
[2013/08/20 21:45:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisrstas.exe
[2013/08/20 21:45:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisreset.exe
[2013/08/20 21:45:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ftpsapi2.dll
[2013/08/20 21:45:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\iisrstap.dll
[2013/08/20 21:45:37 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpmmc.dll
[2013/08/20 21:45:37 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpmmcsat.dll
[2013/08/20 21:45:37 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpexedll.dll
[2013/08/20 21:45:37 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpremadm.exe
[2013/08/20 21:45:36 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4awel.dll
[2013/08/20 21:45:36 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fpcount.exe
[2013/08/20 21:45:36 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp98swin.exe
[2013/08/20 21:45:36 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp98sadm.exe
[2013/08/20 21:45:35 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4apws.dll
[2013/08/20 21:45:35 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4atxt.dll
[2013/08/20 21:45:35 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4anscp.dll
[2013/08/20 21:45:35 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4awebs.dll
[2013/08/20 21:45:35 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4areg.dll
[2013/08/20 21:45:35 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4avnb.dll
[2013/08/20 21:45:35 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4avss.dll
[2013/08/20 21:45:34 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fp4amsft.dll
[2013/08/20 21:45:33 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\certwiz.ocx
[2013/08/20 21:45:33 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cfgwiz.exe
[2013/08/20 21:45:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\certmap.ocx
[2013/08/20 21:45:33 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cnfgprts.ocx
[2013/08/20 21:45:33 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\coadmin.dll
[2013/08/20 21:45:33 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\author.exe
[2013/08/20 21:45:32 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\adsiis51.dll
[2013/08/20 21:45:32 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\author.dll
[2013/08/20 21:45:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\admwprox.dll
[2013/08/20 21:45:31 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\admin.dll
[2013/08/20 21:45:31 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\admin.exe
[2013/08/20 21:45:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\xircom
[2013/08/20 21:44:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\NEW\$hf_mig$
[2013/08/20 21:43:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mapi32.dll
[2013/08/20 21:41:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.NEW\DRM
[2013/08/20 21:41:20 | 000,000,000 | --SD | C] -- C:\WINDOWS\NEW\Downloaded Program Files
[2013/08/20 21:41:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\NEW\Offline Web Pages
[2013/08/20 21:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\DirectX
[2013/08/20 21:39:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msoobe.exe
[2013/08/20 21:39:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\helphost.exe
[2013/08/20 21:39:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\notiflag.exe
[2013/08/20 21:39:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\brpinfo.dll
[2013/08/20 21:39:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\atrace.dll
[2013/08/20 21:39:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\atrace.dll
[2013/08/20 21:39:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\hcappres.dll
[2013/08/20 21:39:45 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srdiag.exe
[2013/08/20 21:39:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\nmevtmsg.dll
[2013/08/20 21:39:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\nmevtmsg.dll
[2013/08/20 21:39:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\acctres.dll
[2013/08/20 21:39:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\acctres.dll
[2013/08/20 21:39:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\icfgnt5.dll
[2013/08/20 21:39:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icfgnt5.dll
[2013/08/20 21:39:44 | 000,000,000 | --SD | C] -- C:\WINDOWS\NEW\Tasks
[2013/08/20 21:39:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\isignup.exe
[2013/08/20 21:39:41 | 000,725,566 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srchui.dll
[2013/08/20 21:39:41 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srchctls.dll
[2013/08/20 21:39:40 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msgr3en.dll
[2013/08/20 21:39:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\srchasst
[2013/08/20 21:39:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\Macromed
[2013/08/20 21:39:34 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuweb.dll
[2013/08/20 21:39:33 | 001,134,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuaueng.dll
[2013/08/20 21:39:33 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wuapi.dll
[2013/08/20 21:39:33 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuapi.dll
[2013/08/20 21:39:33 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wuaueng1.dll
[2013/08/20 21:39:33 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuaueng1.dll
[2013/08/20 21:39:33 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wuauclt1.exe
[2013/08/20 21:39:33 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuauclt1.exe
[2013/08/20 21:39:33 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuaucpl.cpl
[2013/08/20 21:39:33 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wucltui.dll
[2013/08/20 21:39:33 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wucltui.dll
[2013/08/20 21:39:33 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuauclt.exe
[2013/08/20 21:39:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wups.dll
[2013/08/20 21:39:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wups.dll
[2013/08/20 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\bitsprx2.dll
[2013/08/20 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\bitsprx2.dll
[2013/08/20 21:39:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\bitsprx3.dll
[2013/08/20 21:39:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\bitsprx3.dll
[2013/08/20 21:39:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wuauserv.dll
[2013/08/20 21:39:32 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qmgr.dll
[2013/08/20 21:39:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qmgrprxy.dll
[2013/08/20 21:39:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qmgrprxy.dll
[2013/08/20 21:39:30 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msobmain.dll
[2013/08/20 21:39:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msobdl.dll
[2013/08/20 21:39:29 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msobcomm.dll
[2013/08/20 21:39:29 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\oobebaln.exe
[2013/08/20 21:39:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msobshel.dll
[2013/08/20 21:39:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msobweb.dll
[2013/08/20 21:39:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\uploadm.exe
[2013/08/20 21:39:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\safrslv.dll
[2013/08/20 21:39:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\safrslv.dll
[2013/08/20 21:39:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\safrcdlg.dll
[2013/08/20 21:39:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\safrcdlg.dll
[2013/08/20 21:39:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\racpldlg.dll
[2013/08/20 21:39:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\racpldlg.dll
[2013/08/20 21:39:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\safrdm.dll
[2013/08/20 21:39:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\safrdm.dll
[2013/08/20 21:39:27 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pchshell.dll
[2013/08/20 21:39:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pchsvc.dll
[2013/08/20 21:39:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msconfig.exe
[2013/08/20 21:39:25 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\helpctr.exe
[2013/08/20 21:39:25 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\helpsvc.exe
[2013/08/20 21:39:25 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fltmgr.sys
[2013/08/20 21:39:25 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\fltMc.exe
[2013/08/20 21:39:25 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fltmc.exe
[2013/08/20 21:39:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\hscupd.exe
[2013/08/20 21:39:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fltlib.dll
[2013/08/20 21:39:24 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rstrui.exe
[2013/08/20 21:39:24 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\srrstr.dll
[2013/08/20 21:39:24 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srrstr.dll
[2013/08/20 21:39:24 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srsvc.dll
[2013/08/20 21:39:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\ils.dll
[2013/08/20 21:39:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ils.dll
[2013/08/20 21:39:24 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sr.sys
[2013/08/20 21:39:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srclient.dll
[2013/08/20 21:39:24 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\NEW\System32\isrdbg32.dll
[2013/08/20 21:39:24 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\NEW\System32\dllcache\isrdbg32.dll
[2013/08/20 21:39:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\Restore
[2013/08/20 21:39:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msconf.dll
[2013/08/20 21:39:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msconf.dll
[2013/08/20 21:39:23 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mnmdd.dll
[2013/08/20 21:39:23 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mnmdd.dll
[2013/08/20 21:39:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mnmsrvc.exe
[2013/08/20 21:39:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\nmmkcert.dll
[2013/08/20 21:39:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\nmmkcert.dll
[2013/08/20 21:39:18 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msoeacct.dll
[2013/08/20 21:39:18 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msoeacct.dll
[2013/08/20 21:39:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msoert2.dll
[2013/08/20 21:39:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msoert2.dll
[2013/08/20 21:39:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\inetres.dll
[2013/08/20 21:39:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetres.dll
[2013/08/20 21:39:16 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetcomm.dll
[2013/08/20 21:39:15 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstask.dll
[2013/08/20 21:39:15 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\schedsvc.dll
[2013/08/20 21:39:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mstinit.exe
[2013/08/20 21:39:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstinit.exe
[2013/08/20 21:39:14 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\inetcfg.dll
[2013/08/20 21:39:14 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetcfg.dll
[2013/08/20 21:39:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\isign32.dll
[2013/08/20 21:39:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\isign32.dll
[2013/08/20 21:39:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\icwdial.dll
[2013/08/20 21:39:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwdial.dll
[2013/08/20 21:39:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\icwphbk.dll
[2013/08/20 21:39:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwphbk.dll
[2013/08/20 21:39:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwdl.dll
[2013/08/20 21:39:12 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwconn1.exe
[2013/08/20 21:39:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwconn2.exe
[2013/08/20 21:39:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetwiz.exe
[2013/08/20 21:38:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents\My Music
[2013/08/20 21:37:42 | 000,000,000 | R-SD | C] -- C:\WINDOWS\NEW\assembly
[2013/08/20 21:37:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Games
[2013/08/20 21:36:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Administrative Tools
[2013/08/20 21:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Registration
[2013/08/20 21:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Windows Digital Media Enhancements
[2013/08/20 21:35:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Microsoft.NET
[2013/08/20 21:35:04 | 001,742,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mypixdx.scr
[2013/08/20 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2013/08/20 21:35:03 | 007,093,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\space.scr
[2013/08/20 21:35:02 | 004,396,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wpgldfsh.scr
[2013/08/20 21:35:02 | 003,343,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\nature.scr
[2013/08/20 21:35:01 | 005,068,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\davinci.scr
[2013/08/20 21:34:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\igdetect.dll
[2013/08/20 21:34:18 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehsqqp20.dll
[2013/08/20 21:34:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehsqdb20.dll
[2013/08/20 21:34:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\bdatunepia.dll
[2013/08/20 21:34:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehsqse20.dll
[2013/08/20 21:34:18 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\medctrro.exe
[2013/08/20 21:34:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehmsas.exe
[2013/08/20 21:34:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents\My Pictures
[2013/08/20 21:34:13 | 001,370,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehchsime.dll
[2013/08/20 21:34:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehjpnime.dll
[2013/08/20 21:34:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehentt.dll
[2013/08/20 21:34:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiuserxp.dll
[2013/08/20 21:34:12 | 003,219,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehshell.exe
[2013/08/20 21:34:12 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EhCM.dll
[2013/08/20 21:34:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehui.dll
[2013/08/20 21:34:12 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehcommon.dll
[2013/08/20 21:34:12 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehdrop.dll
[2013/08/20 21:34:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehSched.exe
[2013/08/20 21:34:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehRec.exe
[2013/08/20 21:34:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehtray.exe
[2013/08/20 21:34:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehdebug.dll
[2013/08/20 21:34:08 | 008,843,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehres.dll
[2013/08/20 21:34:08 | 001,349,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehuihlp.dll
[2013/08/20 21:34:08 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepg.dll
[2013/08/20 21:34:08 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehRecObj.dll
[2013/08/20 21:34:08 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiProxy.dll
[2013/08/20 21:34:08 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehPlayer.dll
[2013/08/20 21:34:08 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiVidCtl.dll
[2013/08/20 21:34:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehglid.dll
[2013/08/20 21:34:08 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiPlay.dll
[2013/08/20 21:34:08 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\debugsvc.dll
[2013/08/20 21:34:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepgdat.dll
[2013/08/20 21:34:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehCIR.dll
[2013/08/20 21:34:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehProxy.dll
[2013/08/20 21:34:08 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepgdec.dll
[2013/08/20 21:34:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepgnet.dll
[2013/08/20 21:34:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiwmp.dll
[2013/08/20 21:34:07 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiExtens.dll
[2013/08/20 21:34:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\write.exe
[2013/08/20 21:34:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\write.exe
[2013/08/20 21:33:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\avtapi.dll
[2013/08/20 21:33:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\avtapi.dll
[2013/08/20 21:33:58 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\sndvol32.exe
[2013/08/20 21:33:58 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sndvol32.exe
[2013/08/20 21:33:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\avwav.dll
[2013/08/20 21:33:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\avwav.dll
[2013/08/20 21:33:58 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\NEW\System32\hticons.dll
[2013/08/20 21:33:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\avmeter.dll
[2013/08/20 21:33:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\avmeter.dll
[2013/08/20 21:33:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\winchat.exe
[2013/08/20 21:33:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winchat.exe
[2013/08/20 21:33:52 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\getuname.dll
[2013/08/20 21:33:52 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\getuname.dll
[2013/08/20 21:33:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\winmine.exe
[2013/08/20 21:33:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winmine.exe
[2013/08/20 21:33:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\calc.exe
[2013/08/20 21:33:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\calc.exe
[2013/08/20 21:33:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\charmap.exe
[2013/08/20 21:33:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\charmap.exe
[2013/08/20 21:33:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\sol.exe
[2013/08/20 21:33:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sol.exe
[2013/08/20 21:33:50 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mshearts.exe
[2013/08/20 21:33:50 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mshearts.exe
[2013/08/20 21:33:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\freecell.exe
[2013/08/20 21:33:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\freecell.exe
[2013/08/20 21:33:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tsshutdn.exe
[2013/08/20 21:33:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tsshutdn.exe
[2013/08/20 21:33:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tskill.exe
[2013/08/20 21:33:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tskill.exe
[2013/08/20 21:33:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rwinsta.exe
[2013/08/20 21:33:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rwinsta.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tsdiscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tsdiscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\shadow.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\shadow.exe
[2013/08/20 21:33:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\reset.exe
[2013/08/20 21:33:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\reset.exe
[2013/08/20 21:33:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\regini.exe
[2013/08/20 21:33:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\regini.exe
[2013/08/20 21:33:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qwinsta.exe
[2013/08/20 21:33:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qwinsta.exe
[2013/08/20 21:33:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msg.exe
[2013/08/20 21:33:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msg.exe
[2013/08/20 21:33:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtsadmin.tlb
[2013/08/20 21:33:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qappsrv.exe
[2013/08/20 21:33:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qappsrv.exe
[2013/08/20 21:33:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cdmodem.dll
[2013/08/20 21:33:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\cdmodem.dll
[2013/08/20 21:33:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\logoff.exe
[2013/08/20 21:33:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\logoff.exe
[2013/08/20 21:33:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comrereg.exe
[2013/08/20 21:33:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpcfgex.dll
[2013/08/20 21:33:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpcfgex.dll
[2013/08/20 21:33:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comsnap.dll
[2013/08/20 21:33:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comsnap.dll
[2013/08/20 21:33:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comrepl.dll
[2013/08/20 21:33:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comrepl.dll
[2013/08/20 21:33:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\stclient.dll
[2013/08/20 21:33:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\stclient.dll
[2013/08/20 21:33:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmi2xml.dll
[2013/08/20 21:33:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comaddin.dll
[2013/08/20 21:33:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comaddin.dll
[2013/08/20 21:33:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mtxlegih.dll
[2013/08/20 21:33:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxlegih.dll
[2013/08/20 21:33:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mtxdm.dll
[2013/08/20 21:33:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxdm.dll
[2013/08/20 21:33:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\dcomcnfg.exe
[2013/08/20 21:33:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dcomcnfg.exe
[2013/08/20 21:33:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mtxex.dll
[2013/08/20 21:33:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxex.dll
[2013/08/20 21:33:45 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipicmp.dll
[2013/08/20 21:33:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmimsg.dll
[2013/08/20 21:33:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmitimep.dll
[2013/08/20 21:33:44 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\updprov.dll
[2013/08/20 21:33:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tmplprov.dll
[2013/08/20 21:33:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemdisp.tlb
[2013/08/20 21:33:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\trnsprov.dll
[2013/08/20 21:33:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smtpcons.dll
[2013/08/20 21:33:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemads.tlb
[2013/08/20 21:33:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\unsecapp.exe
[2013/08/20 21:33:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winmgmtr.dll
[2013/08/20 21:33:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winmgmt.exe
[2013/08/20 21:33:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemads.dll
[2013/08/20 21:33:43 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msiprov.dll
[2013/08/20 21:33:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\dsprov.dll
[2013/08/20 21:33:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fwdprov.dll
[2013/08/20 21:33:40 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\NEW\System32\hypertrm.dll
[2013/08/20 21:33:40 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\accwiz.exe
[2013/08/20 21:33:40 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\accwiz.exe
[2013/08/20 21:33:40 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\sndrec32.exe
[2013/08/20 21:33:40 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sndrec32.exe
[2013/08/20 21:33:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mplay32.exe
[2013/08/20 21:33:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mplay32.exe
[2013/08/20 21:33:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\access.cpl
[2013/08/20 21:33:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\access.cpl
[2013/08/20 21:33:39 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mspaint.exe
[2013/08/20 21:33:39 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mspaint.exe
[2013/08/20 21:33:39 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\clipbrd.exe
[2013/08/20 21:33:39 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\clipbrd.exe
[2013/08/20 21:33:38 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstscax.dll
[2013/08/20 21:33:38 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\spider.exe
[2013/08/20 21:33:38 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\spider.exe
[2013/08/20 21:33:38 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstsc.exe
[2013/08/20 21:33:38 | 000,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpwd.sys
[2013/08/20 21:33:38 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tscfgwmi.dll
[2013/08/20 21:33:38 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tscfgwmi.dll
[2013/08/20 21:33:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\remotepg.dll
[2013/08/20 21:33:38 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdtcp.sys
[2013/08/20 21:33:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdsaddin.exe
[2013/08/20 21:33:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdsaddin.exe
[2013/08/20 21:33:38 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdpipe.sys
[2013/08/20 21:33:37 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\termsrv.dll
[2013/08/20 21:33:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdchost.dll
[2013/08/20 21:33:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdchost.dll
[2013/08/20 21:33:37 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sessmgr.exe
[2013/08/20 21:33:37 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpwsx.dll
[2013/08/20 21:33:37 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpwsx.dll
[2013/08/20 21:33:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdshost.exe
[2013/08/20 21:33:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdshost.exe
[2013/08/20 21:33:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpclip.exe
[2013/08/20 21:33:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpclip.exe
[2013/08/20 21:33:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tscupgrd.exe
[2013/08/20 21:33:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tscupgrd.exe
[2013/08/20 21:33:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cfgbkend.dll
[2013/08/20 21:33:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\cfgbkend.dll
[2013/08/20 21:33:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qprocess.exe
[2013/08/20 21:33:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qprocess.exe
[2013/08/20 21:33:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpsnd.dll
[2013/08/20 21:33:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpsnd.dll
[2013/08/20 21:33:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icaapi.dll
[2013/08/20 21:33:36 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtctm.dll
[2013/08/20 21:33:36 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtctm.dll
[2013/08/20 21:33:36 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtcprx.dll
[2013/08/20 21:33:36 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtcprx.dll
[2013/08/20 21:33:36 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtcuiu.dll
[2013/08/20 21:33:36 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtcuiu.dll
[2013/08/20 21:33:36 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxoci.dll
[2013/08/20 21:33:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtclog.dll
[2013/08/20 21:33:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtclog.dll
[2013/08/20 21:33:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\xolehlp.dll
[2013/08/20 21:33:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\xolehlp.dll
[2013/08/20 21:33:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtc.exe
[2013/08/20 21:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\MsDtc
[2013/08/20 21:33:35 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\catsrvut.dll
[2013/08/20 21:33:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\catsrv.dll
[2013/08/20 21:33:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comadmin.dll
[2013/08/20 21:33:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\clbcatex.dll
[2013/08/20 21:33:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\clbcatex.dll
[2013/08/20 21:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\catsrvps.dll
[2013/08/20 21:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\catsrvps.dll
[2013/08/20 21:33:35 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\colbact.dll
[2013/08/20 21:33:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comrepl.exe
[2013/08/20 21:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\Com
[2013/08/20 21:33:34 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comsvcs.dll
[2013/08/20 21:33:34 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comuid.dll
[2013/08/20 21:33:34 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comuid.dll
[2013/08/20 21:33:34 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\clbcatq.dll
[2013/08/20 21:33:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipcima.dll
[2013/08/20 21:33:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmisvc.dll
[2013/08/20 21:33:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiprov.dll
[2013/08/20 21:33:30 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmidcprv.dll
[2013/08/20 21:33:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipdskq.dll
[2013/08/20 21:33:30 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiutils.dll
[2013/08/20 21:33:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipjobj.dll
[2013/08/20 21:33:30 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipiprt.dll
[2013/08/20 21:33:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmicookr.dll
[2013/08/20 21:33:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipsess.dll
[2013/08/20 21:33:29 | 000,530,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcore.dll
[2013/08/20 21:33:29 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmic.exe
[2013/08/20 21:33:29 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemess.dll
[2013/08/20 21:33:29 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcomn.dll
[2013/08/20 21:33:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemupgd.dll
[2013/08/20 21:33:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiadap.exe
[2013/08/20 21:33:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcntl.dll
[2013/08/20 21:33:29 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemdisp.dll
[2013/08/20 21:33:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\viewprov.dll
[2013/08/20 21:33:29 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiapsrv.exe
[2013/08/20 21:33:29 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemtest.exe
[2013/08/20 21:33:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiaprpl.dll
[2013/08/20 21:33:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcons.dll
[2013/08/20 21:33:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemsvc.dll
[2013/08/20 21:33:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemprox.dll
[2013/08/20 21:33:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiapres.dll
[2013/08/20 21:33:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\provthrd.dll
[2013/08/20 21:33:28 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ntevt.dll
[2013/08/20 21:33:28 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\repdrvfs.dll
[2013/08/20 21:33:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mofd.dll
[2013/08/20 21:33:28 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\policman.dll
[2013/08/20 21:33:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\stdprov.dll
[2013/08/20 21:33:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ncprov.dll
[2013/08/20 21:33:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\scrcons.exe
[2013/08/20 21:33:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\krnlprov.dll
[2013/08/20 21:33:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mofcomp.exe
[2013/08/20 21:33:27 | 001,352,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cimwin32.dll
[2013/08/20 21:33:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\esscli.dll
[2013/08/20 21:33:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\framedyn.dll
[2013/08/20 21:33:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\licwmi.dll
[2013/08/20 21:33:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\licwmi.dll
[2013/08/20 21:33:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\servdeps.dll
[2013/08/20 21:33:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\servdeps.dll
[2013/08/20 21:33:27 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mmfutil.dll
[2013/08/20 21:33:27 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mmfutil.dll
[2013/08/20 21:33:26 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cmprops.dll
[2013/08/20 21:33:26 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\cmprops.dll
[2013/08/20 21:33:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents\My Videos
[2013/08/20 21:32:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Accessories
[2013/08/20 14:27:35 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\drivers\enum1394.sys
[2013/08/20 14:27:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\usbui.dll
[2013/08/20 14:26:33 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\drivers\battc.sys
[2013/08/20 14:22:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\NEW\Installer
[2013/08/20 14:22:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt041f.dll
[2013/08/20 14:22:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0419.dll
[2013/08/20 14:22:40 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdtuq.dll
[2013/08/20 14:22:40 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdtuf.dll
[2013/08/20 14:22:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdtuq.dll
[2013/08/20 14:22:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdtuf.dll
[2013/08/20 14:22:40 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdazel.dll
[2013/08/20 14:22:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdazel.dll
[2013/08/20 14:22:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0408.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdycc.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbduzb.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdur.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdtat.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdru1.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdru.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdmon.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdkyr.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdkaz.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdbu.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdblr.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdaze.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdycc.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbduzb.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdur.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdtat.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdru1.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdru.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdmon.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdkyr.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdkaz.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdbu.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdblr.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdaze.dll
[2013/08/20 14:22:37 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhept.dll
[2013/08/20 14:22:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhept.dll
[2013/08/20 14:22:37 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhela3.dll
[2013/08/20 14:22:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhela3.dll
[2013/08/20 14:22:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhela2.dll
[2013/08/20 14:22:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdgkl.dll
[2013/08/20 14:22:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhela2.dll
[2013/08/20 14:22:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdgkl.dll
[2013/08/20 14:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhe319.dll
[2013/08/20 14:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhe220.dll
[2013/08/20 14:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhe.dll
[2013/08/20 14:22:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhe319.dll
[2013/08/20 14:22:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhe220.dll
[2013/08/20 14:22:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhe.dll
[2013/08/20 14:22:36 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlt1.dll
[2013/08/20 14:22:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlt1.dll
[2013/08/20 14:22:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt040e.dll
[2013/08/20 14:22:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0415.dll
[2013/08/20 14:22:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0405.dll
[2013/08/20 14:22:35 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlv1.dll
[2013/08/20 14:22:35 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlv.dll
[2013/08/20 14:22:35 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdest.dll
[2013/08/20 14:22:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlv1.dll
[2013/08/20 14:22:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlv.dll
[2013/08/20 14:22:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdest.dll
[2013/08/20 14:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlt.dll
[2013/08/20 14:22:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlt.dll
[2013/08/20 14:22:34 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcz.dll
[2013/08/20 14:22:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcz.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdycl.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdsl1.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdsl.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdpl.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhu.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcz2.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcz1.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcr.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\KBDAL.DLL
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdycl.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdsl1.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdsl.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdpl.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhu.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcz2.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcz1.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcr.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdal.dll
[2013/08/20 14:22:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdro.dll
[2013/08/20 14:22:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdpl1.dll
[2013/08/20 14:22:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhu1.dll
[2013/08/20 14:22:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdro.dll
[2013/08/20 14:22:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdpl1.dll
[2013/08/20 14:22:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhu1.dll
[2013/08/20 14:22:31 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\NEW\System32\dllcache\dgrpsetu.dll
[2013/08/20 14:22:31 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\NEW\System32\dgrpsetu.dll
[2013/08/20 14:22:31 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\NEW\System32\dllcache\dgsetup.dll
[2013/08/20 14:22:31 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\NEW\System32\dgsetup.dll
[2013/08/20 14:22:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\irclass.dll
[2013/08/20 14:22:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\irclass.dll
[2013/08/20 14:22:30 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MSVIDEO.DLL
[2013/08/20 14:22:30 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\NEW\System32\EqnClass.Dll
[2013/08/20 14:22:30 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\NEW\System32\dllcache\eqnclass.dll
[2013/08/20 14:22:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\OLECLI.DLL
[2013/08/20 14:22:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\NEW\System32\spxcoins.dll
[2013/08/20 14:22:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\NEW\System32\dllcache\spxcoins.dll
[2013/08/20 14:22:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\OLESVR.DLL
[2013/08/20 14:22:30 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\TAPI.DLL
[2013/08/20 14:22:30 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\WFWNET.DRV
[2013/08/20 14:22:30 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\VER.DLL
[2013/08/20 14:22:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\SHELL.DLL
[2013/08/20 14:22:30 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\TIMER.DRV
[2013/08/20 14:22:30 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\SYSTEM.DRV
[2013/08/20 14:22:30 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\VGA.DRV
[2013/08/20 14:22:30 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\SOUND.DRV
[2013/08/20 14:22:29 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\AVIFILE.DLL
[2013/08/20 14:22:29 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MCIAVI.DRV
[2013/08/20 14:22:29 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\AVICAP.DLL
[2013/08/20 14:22:29 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\COMMDLG.DLL
[2013/08/20 14:22:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MCIWAVE.DRV
[2013/08/20 14:22:29 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MCISEQ.DRV
[2013/08/20 14:22:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\TASKMAN.EXE
[2013/08/20 14:22:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\taskman.exe
[2013/08/20 14:22:29 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\LZEXPAND.DLL
[2013/08/20 14:22:29 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MOUSE.DRV
[2013/08/20 14:22:29 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\KEYBOARD.DRV
[2013/08/20 14:22:29 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MMTASK.TSK
[2013/08/20 14:22:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\WINSPOOL.DRV
[2013/08/20 14:22:28 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MMSYSTEM.DLL
[2013/08/20 14:22:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\irenum.sys
[2013/08/20 14:22:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\batt.dll
[2013/08/20 14:22:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\batt.dll
[2013/08/20 14:22:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\storprop.dll
[2013/08/20 14:22:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup
[2013/08/20 14:22:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu
[2013/08/20 14:22:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents
[2013/08/20 14:22:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.NEW\Templates
[2013/08/20 14:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Favorites
[2013/08/20 14:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Desktop
[2013/08/20 14:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\CatRoot2
[2013/08/20 14:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\CatRoot
[2013/08/20 14:21:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.NEW\Application Data\Microsoft
[2013/08/20 14:21:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.NEW\Application Data
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\WinSxS
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\usmt
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Provisioning
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\PeerNet
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\mui
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\inetsrv
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\IME
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\ime
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\ehome
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\3com_dmi
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\3076
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\2052
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1054
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1042
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1041
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1037
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1033
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1031
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1028
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1025
[2013/08/20 14:11:47 | 000,000,000 | R-SD | C] -- C:\WINDOWS\NEW\Fonts
[2013/08/20 14:11:47 | 000,000,000 | RHSD | C] -- C:\WINDOWS\NEW\System32\dllcache
[2013/08/20 14:11:47 | 000,000,000 | R--D | C] -- C:\WINDOWS\NEW\Web
[2013/08/20 14:11:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\NEW\inf
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\wins
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\wbem
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\twain_32
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Temp
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\system32
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\system
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\spool
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\ShellExt
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\Setup
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\security
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Resources
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\repair
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\ras
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\pchealth
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\oobe
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\npp
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\mui
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\msapps
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\msagent
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Media
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\java
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\icsxml
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\ias
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Help
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\export
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\drivers\etc
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\drivers
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Driver Cache
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\drivers\disdn
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\dhcp
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\dell
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Debug
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Cursors
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Connection Wizard
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\config
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Config
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\AppPatch
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\addins
[2013/08/16 16:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/27 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/27 07:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[5 C:\WINDOWS\NEW\*.tmp files -> C:\WINDOWS\NEW\*.tmp -> ]
[1 C:\WINDOWS\NEW\System32\*.tmp files -> C:\WINDOWS\NEW\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/23 18:48:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\NEW\System32\drivers\mbamswissarmy.sys
[2013/08/23 18:44:39 | 000,380,918 | ---- | M] () -- C:\WINDOWS\NEW\System32\perfh009.dat
[2013/08/23 18:44:39 | 000,053,166 | ---- | M] () -- C:\WINDOWS\NEW\System32\perfc009.dat
[2013/08/23 18:40:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\NEW\bootstat.dat
[2013/08/23 17:54:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\NEW\System32\wpa.dbl
[2013/08/23 17:54:29 | 177,668,096 | ---- | M] () -- C:\WINDOWS\NEW\MEMORY.DMP
[2013/08/23 14:45:35 | 2136,969,216 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/21 10:41:50 | 009,167,352 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\HitmanPro.exe
[2013/08/21 10:26:07 | 000,093,480 | ---- | M] () -- C:\WINDOWS\NEW\System32\FNTCACHE.DAT
[2013/08/20 22:24:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\NEW\WMSysPr9.prx
[2013/08/20 22:19:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\NEW\imsins.BAK
[2013/08/20 22:15:18 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\Media Center.lnk
[2013/08/20 22:04:59 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users.NEW\Desktop\ESPN Motion.lnk
[2013/08/20 22:04:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings\Application Data\fusioncache.dat
[2013/08/20 21:51:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\NEW\REGLOCS.OLD
[2013/08/20 21:49:28 | 000,000,629 | ---- | M] () -- C:\WINDOWS\NEW\System32\$winnt$.inf
[2013/08/20 21:44:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\NEW\System32\CONFIG.NT
[2013/08/20 21:44:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\NEW\System32\nscompat.tlb
[2013/08/20 21:44:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\NEW\System32\amcompat.tlb
[2013/08/20 21:43:39 | 000,004,337 | ---- | M] () -- C:\WINDOWS\NEW\ODBCINST.INI
[2013/08/20 21:37:03 | 000,021,640 | ---- | M] () -- C:\WINDOWS\NEW\System32\emptyregdb.dat
[2013/08/20 21:33:17 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\NEW\*.tmp files -> C:\WINDOWS\NEW\*.tmp -> ]
[1 C:\WINDOWS\NEW\System32\*.tmp files -> C:\WINDOWS\NEW\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/21 10:26:05 | 177,668,096 | ---- | C] () -- C:\WINDOWS\NEW\MEMORY.DMP
[2013/08/20 22:22:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Media Center.lnk
[2013/08/20 22:15:18 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\Media Center.lnk
[2013/08/20 22:04:59 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Desktop\ESPN Motion.lnk
[2013/08/20 22:04:52 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings\Application Data\fusioncache.dat
[2013/08/20 21:52:08 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu\Programs\Remote Assistance.lnk
[2013/08/20 21:52:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu\Programs\Windows Media Player.lnk
[2013/08/20 21:51:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\NEW\REGLOCS.OLD
[2013/08/20 21:49:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\NEW\bootstat.dat
[2013/08/20 21:47:43 | 000,175,104 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\pintlcsa.dll
[2013/08/20 21:47:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\korwbrkr.lex
[2013/08/20 21:46:57 | 000,059,392 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\imscinst.exe
[2013/08/20 21:46:56 | 000,196,665 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\imjpinst.exe
[2013/08/20 21:46:55 | 000,134,339 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\imekr.lex
[2013/08/20 21:46:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\hwxjpn.dll
[2013/08/20 21:46:44 | 000,108,827 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\hanja.lex
[2013/08/20 21:46:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\fpencode.dll
[2013/08/20 21:46:19 | 000,173,568 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\chtskf.dll
[2013/08/20 21:44:20 | 000,002,577 | ---- | C] () -- C:\WINDOWS\NEW\System32\CONFIG.NT
[2013/08/20 21:44:09 | 000,023,392 | ---- | C] () -- C:\WINDOWS\NEW\System32\nscompat.tlb
[2013/08/20 21:44:09 | 000,016,832 | ---- | C] () -- C:\WINDOWS\NEW\System32\amcompat.tlb
[2013/08/20 21:44:08 | 000,316,640 | ---- | C] () -- C:\WINDOWS\NEW\WMSysPr9.prx
[2013/08/20 21:40:47 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Windows Movie Maker.lnk
[2013/08/20 21:40:20 | 004,399,505 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\nls302en.lex
[2013/08/20 21:39:50 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\NEW\winnt256.bmp
[2013/08/20 21:39:50 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\NEW\winnt.bmp
[2013/08/20 21:39:45 | 000,000,984 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\srframe.mmf
[2013/08/20 21:39:26 | 000,376,320 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\msinfo.dll
[2013/08/20 21:37:10 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Windows Messenger.lnk
[2013/08/20 21:37:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\NEW\System32\emptyregdb.dat
[2013/08/20 21:35:58 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\MSN.lnk
[2013/08/20 21:35:04 | 000,011,452 | ---- | C] () -- C:\WINDOWS\NEW\System32\mypixdx.chm
[2013/08/20 21:34:13 | 010,604,352 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\ehcir.ird
[2013/08/20 21:33:53 | 000,065,954 | ---- | C] () -- C:\WINDOWS\NEW\Prairie Wind.bmp
[2013/08/20 21:33:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\NEW\Santa Fe Stucco.bmp
[2013/08/20 21:33:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\NEW\River Sumida.bmp
[2013/08/20 21:33:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\NEW\Greenstone.bmp
[2013/08/20 21:33:53 | 000,017,362 | ---- | C] () -- C:\WINDOWS\NEW\Rhododendron.bmp
[2013/08/20 21:33:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\NEW\Gone Fishing.bmp
[2013/08/20 21:33:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\NEW\Zapotec.bmp
[2013/08/20 21:33:52 | 000,065,978 | ---- | C] () -- C:\WINDOWS\NEW\Soap Bubbles.bmp
[2013/08/20 21:33:52 | 000,017,062 | ---- | C] () -- C:\WINDOWS\NEW\Coffee Bean.bmp
[2013/08/20 21:33:52 | 000,016,730 | ---- | C] () -- C:\WINDOWS\NEW\FeatherTexture.bmp
[2013/08/20 21:33:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\NEW\Blue Lace 16.bmp
[2013/08/20 21:33:50 | 000,003,286 | ---- | C] () -- C:\WINDOWS\NEW\System32\tslabels.h
[2013/08/20 21:33:50 | 000,001,161 | ---- | C] () -- C:\WINDOWS\NEW\System32\usrlogon.cmd
[2013/08/20 21:33:49 | 000,000,768 | ---- | C] () -- C:\WINDOWS\NEW\System32\msdtcprf.h
[2013/08/20 21:33:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\NEW\System32\wmimgmt.msc
[2013/08/20 14:22:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\NEW\imsins.BAK
[2013/08/20 14:22:48 | 000,004,337 | ---- | C] () -- C:\WINDOWS\NEW\ODBCINST.INI
[2013/08/20 14:22:29 | 000,001,688 | ---- | C] () -- C:\WINDOWS\NEW\System32\AUTOEXEC.NT
[2013/08/20 14:22:03 | 000,141,702 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\netfx.cat
[2013/08/20 14:22:03 | 000,130,715 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\mediactr.cat
[2013/08/20 14:22:03 | 000,110,116 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\tabletpc.cat
[2013/08/20 14:22:03 | 000,077,881 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\plus.cat
[2013/08/20 14:22:03 | 000,037,484 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MW770.CAT
[2013/08/20 14:22:03 | 000,031,281 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\FP4.CAT
[2013/08/20 14:22:03 | 000,024,209 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\msn7.cat
[2013/08/20 14:22:03 | 000,017,916 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\sonic.cat
[2013/08/20 14:22:03 | 000,013,753 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\IMS.CAT
[2013/08/20 14:22:03 | 000,013,472 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\HPCRDP.CAT
[2013/08/20 14:22:03 | 000,011,651 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\msn9.cat
[2013/08/20 14:22:03 | 000,009,581 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MSMSGS.CAT
[2013/08/20 14:22:03 | 000,008,574 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\IASNT4.CAT
[2013/08/20 14:22:03 | 000,007,710 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\OEMBIOS.CAT
[2013/08/20 14:22:03 | 000,007,334 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\wmerrenu.cat
[2013/08/20 14:22:03 | 000,007,245 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MSTSWEB.CAT
[2013/08/20 14:22:02 | 002,008,817 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\NT5.CAT
[2013/08/20 14:22:02 | 000,797,189 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\NT5IIS.CAT
[2013/08/20 14:22:02 | 000,505,647 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\NT5INF.CAT
[2013/08/20 14:22:02 | 000,399,645 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MAPIMIG.CAT
[2013/08/20 14:22:02 | 000,106,147 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\SP2.CAT
[2013/08/20 14:20:59 | 000,093,480 | ---- | C] () -- C:\WINDOWS\NEW\System32\FNTCACHE.DAT
[2013/08/20 14:19:57 | 000,000,629 | ---- | C] () -- C:\WINDOWS\NEW\System32\$winnt$.inf
[2013/07/27 09:07:30 | 2136,969,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/11 18:09:18 | 000,591,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-101352598-1718382687-2486076142-1005-0.dat
[2011/12/26 05:32:54 | 000,277,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2008/07/17 19:42:39 | 070,492,160 | ---- | C] () -- C:\Program Files\sym11_32.exe
[2008/07/17 18:38:19 | 535,003,136 | ---- | C] () -- C:\Program Files\msoffice2007.exe

========== ZeroAccess Check ==========

[2013/08/20 21:37:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\NEW\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/03/30 02:27:01 | 001,495,040 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\NEW\system32\wbem\fastprox.dll -- [2004/08/10 04:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\NEW\system32\wbem\wbemess.dll -- [2004/08/10 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#5
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello ericthefish

Yeah, I am not seeing what I need to see because this one is fine.


We are going to try System Restore to restore the system prior to the infection.

Depending on your Windows version.


Option 1.

Step 1: Use F8 to boot to Safe Mode With Command Prompt
Step 2: Use Ctrl/Alt/Del (keys) to get Task Manager opened
Step 3: Choose File and create New Task
Step 4: Then navigate to:
C:\windows\system32\restore\rstrui.exe and press Enter (double click rstrui.exe)
Step 5: Restore the computer to a date you know you were virus free
Step 6: Run Malwarebytes

Option 2.

Step 1: Use F8 to boot to Safe Mode With Command Prompt
At the command prompt type in: rstrui.exe

#6
ericthefish

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi Gringo,

I succeeded in fixing the boot.ini file so now the OTL utility is looking at the correct XP instance. (Once we get the virus taken care of, I will probably need some help in safely removing the 'new' one).

Here is the OTL.txt from the original XP installation:

OTL logfile created on: 8/23/2013 7:05:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 82.53% Memory free
3.84 Gb Paging File | 3.65 Gb Available in Paging File | 95.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS\NEW | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 10.37 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive D: | 248.08 Mb Total Space | 230.12 Mb Free Space | 92.76% Space Free | Partition Type: FAT32
Drive E: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ERIC-2894F89078 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/23 19:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013/04/04 11:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NEW\explorer.exe
PRC - [2004/08/10 04:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NEW\system32\wpabaln.exe


========== Modules (No Company Name) ==========

MOD - [2005/08/05 14:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\NEW\system32\sbe.dll
MOD - [2005/06/28 18:55:07 | 001,287,680 | ---- | M] () -- C:\WINDOWS\NEW\system32\quartz.dll
MOD - [2004/08/10 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\NEW\system32\devenum.dll
MOD - [2004/08/10 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\NEW\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/23 18:48:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\NEW\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[2013/08/16 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 16:54:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/08/16 16:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 16:59:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/30 06:34:27 | 000,080,184 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/03/30 06:34:30 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/10/29 07:43:38 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/10/29 07:43:50 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/10/29 07:41:52 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\NEW\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\NEW\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\NEW\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\NEW\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\NEW\system32\userinit.exe) - C:\WINDOWS\NEW\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 04:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a875e2c1-09dc-11e3-a728-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a875e2c1-09dc-11e3-a728-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a875e2c1-09dc-11e3-a728-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2004/08/10 04:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2004/08/10 04:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/23 19:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Application Data\Dell
[2013/08/23 18:48:45 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\NEW\System32\drivers\mbamswissarmy.sys
[2013/08/23 17:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\CSC
[2013/08/23 17:54:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Minidump
[2013/08/21 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Application Data\HitmanPro
[2013/08/21 10:43:09 | 009,167,352 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\HitmanPro.exe
[2013/08/21 07:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Application Data\Malwarebytes
[2013/08/21 07:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Application Data\Malwarebytes
[2013/08/21 06:05:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/20 22:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\RegisteredPackages
[2013/08/20 22:18:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\drivers\irbus.sys
[2013/08/20 22:16:09 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\spupdsvc.exe
[2013/08/20 22:13:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/20 22:10:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\URTTemp
[2013/08/20 22:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\RGB
[2013/08/20 22:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Application Data\DIGStream
[2013/08/20 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIGStream
[2013/08/20 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESPNMotion
[2013/08/20 22:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings\Application Data\ApplicationHistory
[2013/08/20 22:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\GemMaster
[2013/08/20 22:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\EnglishOtto
[2013/08/20 21:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Documents\Recorded TV
[2013/08/20 21:52:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Application Data\Microsoft
[2013/08/20 21:52:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Cookies
[2013/08/20 21:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Application Data
[2013/08/20 21:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings\Application Data\Microsoft
[2013/08/20 21:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Favorites
[2013/08/20 21:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop
[2013/08/20 21:52:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\SendTo
[2013/08/20 21:52:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu\Programs\Startup
[2013/08/20 21:52:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu
[2013/08/20 21:52:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu\Programs\Accessories
[2013/08/20 21:52:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Templates
[2013/08/20 21:52:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Recent
[2013/08/20 21:52:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\PrintHood
[2013/08/20 21:52:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\NetHood
[2013/08/20 21:52:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings
[2013/08/20 21:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ERIC-2894F89078\My Documents
[2013/08/20 21:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\SoftwareDistribution
[2013/08/20 21:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Prefetch
[2013/08/20 21:51:27 | 000,000,000 | --SD | C] -- C:\WINDOWS\NEW\System32\Microsoft
[2013/08/20 21:49:05 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehresja.dll
[2013/08/20 21:49:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehresko.dll
[2013/08/20 21:49:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehresfr.dll
[2013/08/20 21:49:03 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehresde.dll
[2013/08/20 21:48:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehreschs.dll
[2013/08/20 21:48:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winzm.ime
[2013/08/20 21:48:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winsp.ime
[2013/08/20 21:48:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winpy.ime
[2013/08/20 21:48:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winime.ime
[2013/08/20 21:48:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winar30.ime
[2013/08/20 21:48:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wingb.ime
[2013/08/20 21:48:24 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\weitekp9.dll
[2013/08/20 21:48:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\weitekp9.sys
[2013/08/20 21:48:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wam51.dll
[2013/08/20 21:48:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wamreg51.dll
[2013/08/20 21:48:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wamps51.dll
[2013/08/20 21:48:22 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\w3svc.dll
[2013/08/20 21:48:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\w3ext.dll
[2013/08/20 21:48:22 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\w32.dll
[2013/08/20 21:48:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\w3svapi.dll
[2013/08/20 21:48:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\w3ctrs51.dll
[2013/08/20 21:48:21 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\voicepad.dll
[2013/08/20 21:48:21 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\voicesub.dll
[2013/08/20 21:48:17 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\uniime.dll
[2013/08/20 21:48:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\unicdime.ime
[2013/08/20 21:48:16 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\uihelper.dll
[2013/08/20 21:48:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tsprof.exe
[2013/08/20 21:48:14 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tintsetp.exe
[2013/08/20 21:48:14 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tools.dll
[2013/08/20 21:48:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tmigrate.dll
[2013/08/20 21:48:13 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tintlgnt.ime
[2013/08/20 21:48:13 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\thawbrkr.dll
[2013/08/20 21:48:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tintlphr.exe
[2013/08/20 21:48:13 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdspx.sys
[2013/08/20 21:48:12 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdipx.sys
[2013/08/20 21:48:12 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdasync.sys
[2013/08/20 21:48:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\svcext51.dll
[2013/08/20 21:48:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\status.dll
[2013/08/20 21:48:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sspifilt.dll
[2013/08/20 21:48:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ssinc51.dll
[2013/08/20 21:48:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\srusbusd.dll
[2013/08/20 21:48:05 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\softkey.dll
[2013/08/20 21:48:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmpthrd.dll
[2013/08/20 21:48:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmptrap.exe
[2013/08/20 21:48:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_snprfdll.dll
[2013/08/20 21:48:04 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmpincl.dll
[2013/08/20 21:48:04 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmpcl.dll
[2013/08/20 21:48:04 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmpsmir.dll
[2013/08/20 21:48:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmp.exe
[2013/08/20 21:48:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmpstup.dll
[2013/08/20 21:48:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\snmpmib.dll
[2013/08/20 21:48:03 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smtpsvc.dll
[2013/08/20 21:48:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smierrsm.dll
[2013/08/20 21:48:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_smtpctrs.dll
[2013/08/20 21:48:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smtpapi.dll
[2013/08/20 21:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smimsgif.dll
[2013/08/20 21:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smierrsy.dll
[2013/08/20 21:48:02 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smi2smir.exe
[2013/08/20 21:48:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm9aw.dll
[2013/08/20 21:48:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smb6w.dll
[2013/08/20 21:48:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sma3w.dll
[2013/08/20 21:48:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm8cw.dll
[2013/08/20 21:48:02 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm93w.dll
[2013/08/20 21:48:02 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm92w.dll
[2013/08/20 21:48:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm90w.dll
[2013/08/20 21:48:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm8dw.dll
[2013/08/20 21:48:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm87w.dll
[2013/08/20 21:48:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm81w.dll
[2013/08/20 21:48:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm8aw.dll
[2013/08/20 21:48:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm89w.dll
[2013/08/20 21:48:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sm59w.dll
[2013/08/20 21:48:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\simptcp.dll
[2013/08/20 21:47:56 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\seo.dll
[2013/08/20 21:47:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_seos.dll
[2013/08/20 21:47:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_scripto.dll
[2013/08/20 21:47:53 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\NEW\System32\dllcache\rwia330.dll
[2013/08/20 21:47:53 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\NEW\System32\dllcache\rwia001.dll
[2013/08/20 21:47:53 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\NEW\System32\dllcache\rw330ext.dll
[2013/08/20 21:47:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rw001ext.dll
[2013/08/20 21:47:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rwnh.dll
[2013/08/20 21:47:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rpcref.dll
[2013/08/20 21:47:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\romanime.ime
[2013/08/20 21:47:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_regtrace.exe
[2013/08/20 21:47:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\register.exe
[2013/08/20 21:47:48 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ramdisk.sys
[2013/08/20 21:47:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\quick.ime
[2013/08/20 21:47:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\quser.exe
[2013/08/20 21:47:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\query.exe
[2013/08/20 21:47:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pwsdata.dll
[2013/08/20 21:47:44 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pmxviceo.dll
[2013/08/20 21:47:44 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pintlphr.exe
[2013/08/20 21:47:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pmigrate.dll
[2013/08/20 21:47:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pmxmcro.dll
[2013/08/20 21:47:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pmxgl.dll
[2013/08/20 21:47:43 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pintlgnt.ime
[2013/08/20 21:47:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\phon.ime
[2013/08/20 21:47:43 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pintlcsd.dll
[2013/08/20 21:47:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\permchk.dll
[2013/08/20 21:47:41 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\padrs411.dll
[2013/08/20 21:47:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\pagecnt.dll
[2013/08/20 21:47:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\padrs404.dll
[2013/08/20 21:47:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\padrs804.dll
[2013/08/20 21:47:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\padrs412.dll
[2013/08/20 21:47:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\nsepm.dll
[2013/08/20 21:47:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_ntfsdrv.dll
[2013/08/20 21:47:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\nextlink.dll
[2013/08/20 21:47:30 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\multibox.dll
[2013/08/20 21:47:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtstocom.exe
[2013/08/20 21:47:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msiregmv.exe
[2013/08/20 21:47:25 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msir3jp.lex
[2013/08/20 21:47:25 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msir3jp.dll
[2013/08/20 21:47:13 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mga.sys
[2013/08/20 21:47:13 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mga.dll
[2013/08/20 21:47:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\metada51.dll
[2013/08/20 21:47:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\migregdb.exe
[2013/08/20 21:47:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\md5filt.dll
[2013/08/20 21:47:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mdsync.dll
[2013/08/20 21:47:11 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EXCH_mailmsg.dll
[2013/08/20 21:47:10 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\lpdsvc.dll
[2013/08/20 21:47:10 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\logscrpt.dll
[2013/08/20 21:47:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\lprmon.dll
[2013/08/20 21:47:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\lonsint.dll
[2013/08/20 21:47:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\lmmib2.dll
[2013/08/20 21:47:08 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\korwbrkr.dll
[2013/08/20 21:47:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdth3.dll
[2013/08/20 21:47:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdvntc.dll
[2013/08/20 21:47:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdusa.dll
[2013/08/20 21:47:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdurdu.dll
[2013/08/20 21:47:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdnecnt.dll
[2013/08/20 21:47:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdth2.dll
[2013/08/20 21:47:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdth1.dll
[2013/08/20 21:47:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdth0.dll
[2013/08/20 21:47:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdsyr2.dll
[2013/08/20 21:39:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstinit.exe
[2013/08/20 21:39:14 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\inetcfg.dll
[2013/08/20 21:39:14 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetcfg.dll
[2013/08/20 21:39:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\isign32.dll
[2013/08/20 21:39:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\isign32.dll
[2013/08/20 21:39:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\icwdial.dll
[2013/08/20 21:39:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwdial.dll
[2013/08/20 21:39:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\icwphbk.dll
[2013/08/20 21:39:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwphbk.dll
[2013/08/20 21:39:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwdl.dll
[2013/08/20 21:39:12 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwconn1.exe
[2013/08/20 21:39:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icwconn2.exe
[2013/08/20 21:39:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\inetwiz.exe
[2013/08/20 21:38:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents\My Music
[2013/08/20 21:37:42 | 000,000,000 | R-SD | C] -- C:\WINDOWS\NEW\assembly
[2013/08/20 21:37:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Games
[2013/08/20 21:36:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Administrative Tools
[2013/08/20 21:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Registration
[2013/08/20 21:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Windows Digital Media Enhancements
[2013/08/20 21:35:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Microsoft.NET
[2013/08/20 21:35:04 | 001,742,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mypixdx.scr
[2013/08/20 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2013/08/20 21:35:03 | 007,093,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\space.scr
[2013/08/20 21:35:02 | 004,396,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\wpgldfsh.scr
[2013/08/20 21:35:02 | 003,343,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\nature.scr
[2013/08/20 21:35:01 | 005,068,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\davinci.scr
[2013/08/20 21:34:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\igdetect.dll
[2013/08/20 21:34:18 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehsqqp20.dll
[2013/08/20 21:34:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehsqdb20.dll
[2013/08/20 21:34:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\bdatunepia.dll
[2013/08/20 21:34:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehsqse20.dll
[2013/08/20 21:34:18 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\medctrro.exe
[2013/08/20 21:34:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehmsas.exe
[2013/08/20 21:34:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents\My Pictures
[2013/08/20 21:34:13 | 001,370,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehchsime.dll
[2013/08/20 21:34:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehjpnime.dll
[2013/08/20 21:34:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehentt.dll
[2013/08/20 21:34:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiuserxp.dll
[2013/08/20 21:34:12 | 003,219,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehshell.exe
[2013/08/20 21:34:12 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\EhCM.dll
[2013/08/20 21:34:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehui.dll
[2013/08/20 21:34:12 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehcommon.dll
[2013/08/20 21:34:12 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehdrop.dll
[2013/08/20 21:34:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehSched.exe
[2013/08/20 21:34:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehRec.exe
[2013/08/20 21:34:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehtray.exe
[2013/08/20 21:34:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehdebug.dll
[2013/08/20 21:34:08 | 008,843,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehres.dll
[2013/08/20 21:34:08 | 001,349,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehuihlp.dll
[2013/08/20 21:34:08 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepg.dll
[2013/08/20 21:34:08 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehRecObj.dll
[2013/08/20 21:34:08 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiProxy.dll
[2013/08/20 21:34:08 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehPlayer.dll
[2013/08/20 21:34:08 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiVidCtl.dll
[2013/08/20 21:34:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehglid.dll
[2013/08/20 21:34:08 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiPlay.dll
[2013/08/20 21:34:08 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\debugsvc.dll
[2013/08/20 21:34:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepgdat.dll
[2013/08/20 21:34:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehCIR.dll
[2013/08/20 21:34:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehProxy.dll
[2013/08/20 21:34:08 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepgdec.dll
[2013/08/20 21:34:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehepgnet.dll
[2013/08/20 21:34:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiwmp.dll
[2013/08/20 21:34:07 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ehiExtens.dll
[2013/08/20 21:34:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\write.exe
[2013/08/20 21:34:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\write.exe
[2013/08/20 21:33:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\avtapi.dll
[2013/08/20 21:33:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\avtapi.dll
[2013/08/20 21:33:58 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\sndvol32.exe
[2013/08/20 21:33:58 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sndvol32.exe
[2013/08/20 21:33:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\avwav.dll
[2013/08/20 21:33:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\avwav.dll
[2013/08/20 21:33:58 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\NEW\System32\hticons.dll
[2013/08/20 21:33:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\avmeter.dll
[2013/08/20 21:33:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\avmeter.dll
[2013/08/20 21:33:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\winchat.exe
[2013/08/20 21:33:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winchat.exe
[2013/08/20 21:33:52 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\getuname.dll
[2013/08/20 21:33:52 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\getuname.dll
[2013/08/20 21:33:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\winmine.exe
[2013/08/20 21:33:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winmine.exe
[2013/08/20 21:33:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\calc.exe
[2013/08/20 21:33:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\calc.exe
[2013/08/20 21:33:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\charmap.exe
[2013/08/20 21:33:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\charmap.exe
[2013/08/20 21:33:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\sol.exe
[2013/08/20 21:33:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sol.exe
[2013/08/20 21:33:50 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mshearts.exe
[2013/08/20 21:33:50 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mshearts.exe
[2013/08/20 21:33:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\freecell.exe
[2013/08/20 21:33:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\freecell.exe
[2013/08/20 21:33:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tsshutdn.exe
[2013/08/20 21:33:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tsshutdn.exe
[2013/08/20 21:33:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tskill.exe
[2013/08/20 21:33:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tskill.exe
[2013/08/20 21:33:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rwinsta.exe
[2013/08/20 21:33:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rwinsta.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tsdiscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tsdiscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tscon.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\shadow.exe
[2013/08/20 21:33:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\shadow.exe
[2013/08/20 21:33:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\reset.exe
[2013/08/20 21:33:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\reset.exe
[2013/08/20 21:33:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\regini.exe
[2013/08/20 21:33:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\regini.exe
[2013/08/20 21:33:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qwinsta.exe
[2013/08/20 21:33:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qwinsta.exe
[2013/08/20 21:33:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msg.exe
[2013/08/20 21:33:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msg.exe
[2013/08/20 21:33:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtsadmin.tlb
[2013/08/20 21:33:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qappsrv.exe
[2013/08/20 21:33:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qappsrv.exe
[2013/08/20 21:33:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cdmodem.dll
[2013/08/20 21:33:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\cdmodem.dll
[2013/08/20 21:33:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\logoff.exe
[2013/08/20 21:33:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\logoff.exe
[2013/08/20 21:33:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comrereg.exe
[2013/08/20 21:33:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpcfgex.dll
[2013/08/20 21:33:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpcfgex.dll
[2013/08/20 21:33:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comsnap.dll
[2013/08/20 21:33:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comsnap.dll
[2013/08/20 21:33:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comrepl.dll
[2013/08/20 21:33:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comrepl.dll
[2013/08/20 21:33:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\stclient.dll
[2013/08/20 21:33:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\stclient.dll
[2013/08/20 21:33:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmi2xml.dll
[2013/08/20 21:33:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comaddin.dll
[2013/08/20 21:33:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comaddin.dll
[2013/08/20 21:33:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mtxlegih.dll
[2013/08/20 21:33:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxlegih.dll
[2013/08/20 21:33:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mtxdm.dll
[2013/08/20 21:33:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxdm.dll
[2013/08/20 21:33:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\dcomcnfg.exe
[2013/08/20 21:33:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dcomcnfg.exe
[2013/08/20 21:33:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mtxex.dll
[2013/08/20 21:33:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxex.dll
[2013/08/20 21:33:45 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipicmp.dll
[2013/08/20 21:33:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmimsg.dll
[2013/08/20 21:33:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmitimep.dll
[2013/08/20 21:33:44 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\updprov.dll
[2013/08/20 21:33:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tmplprov.dll
[2013/08/20 21:33:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemdisp.tlb
[2013/08/20 21:33:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\trnsprov.dll
[2013/08/20 21:33:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\smtpcons.dll
[2013/08/20 21:33:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemads.tlb
[2013/08/20 21:33:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\unsecapp.exe
[2013/08/20 21:33:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winmgmtr.dll
[2013/08/20 21:33:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\winmgmt.exe
[2013/08/20 21:33:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemads.dll
[2013/08/20 21:33:43 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msiprov.dll
[2013/08/20 21:33:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\dsprov.dll
[2013/08/20 21:33:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\fwdprov.dll
[2013/08/20 21:33:40 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\NEW\System32\hypertrm.dll
[2013/08/20 21:33:40 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\accwiz.exe
[2013/08/20 21:33:40 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\accwiz.exe
[2013/08/20 21:33:40 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\sndrec32.exe
[2013/08/20 21:33:40 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sndrec32.exe
[2013/08/20 21:33:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mplay32.exe
[2013/08/20 21:33:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mplay32.exe
[2013/08/20 21:33:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\access.cpl
[2013/08/20 21:33:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\access.cpl
[2013/08/20 21:33:39 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mspaint.exe
[2013/08/20 21:33:39 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mspaint.exe
[2013/08/20 21:33:39 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\clipbrd.exe
[2013/08/20 21:33:39 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\clipbrd.exe
[2013/08/20 21:33:38 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstscax.dll
[2013/08/20 21:33:38 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\spider.exe
[2013/08/20 21:33:38 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\spider.exe
[2013/08/20 21:33:38 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mstsc.exe
[2013/08/20 21:33:38 | 000,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpwd.sys
[2013/08/20 21:33:38 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tscfgwmi.dll
[2013/08/20 21:33:38 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tscfgwmi.dll
[2013/08/20 21:33:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\remotepg.dll
[2013/08/20 21:33:38 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdtcp.sys
[2013/08/20 21:33:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdsaddin.exe
[2013/08/20 21:33:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdsaddin.exe
[2013/08/20 21:33:38 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tdpipe.sys
[2013/08/20 21:33:37 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\termsrv.dll
[2013/08/20 21:33:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdchost.dll
[2013/08/20 21:33:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdchost.dll
[2013/08/20 21:33:37 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\sessmgr.exe
[2013/08/20 21:33:37 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpwsx.dll
[2013/08/20 21:33:37 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpwsx.dll
[2013/08/20 21:33:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdshost.exe
[2013/08/20 21:33:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdshost.exe
[2013/08/20 21:33:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpclip.exe
[2013/08/20 21:33:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpclip.exe
[2013/08/20 21:33:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\tscupgrd.exe
[2013/08/20 21:33:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\tscupgrd.exe
[2013/08/20 21:33:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cfgbkend.dll
[2013/08/20 21:33:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\cfgbkend.dll
[2013/08/20 21:33:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\qprocess.exe
[2013/08/20 21:33:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\qprocess.exe
[2013/08/20 21:33:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\rdpsnd.dll
[2013/08/20 21:33:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\rdpsnd.dll
[2013/08/20 21:33:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\icaapi.dll
[2013/08/20 21:33:36 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtctm.dll
[2013/08/20 21:33:36 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtctm.dll
[2013/08/20 21:33:36 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtcprx.dll
[2013/08/20 21:33:36 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtcprx.dll
[2013/08/20 21:33:36 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtcuiu.dll
[2013/08/20 21:33:36 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtcuiu.dll
[2013/08/20 21:33:36 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mtxoci.dll
[2013/08/20 21:33:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\msdtclog.dll
[2013/08/20 21:33:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtclog.dll
[2013/08/20 21:33:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\xolehlp.dll
[2013/08/20 21:33:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\xolehlp.dll
[2013/08/20 21:33:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\msdtc.exe
[2013/08/20 21:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\MsDtc
[2013/08/20 21:33:35 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\catsrvut.dll
[2013/08/20 21:33:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\catsrv.dll
[2013/08/20 21:33:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comadmin.dll
[2013/08/20 21:33:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\clbcatex.dll
[2013/08/20 21:33:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\clbcatex.dll
[2013/08/20 21:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\catsrvps.dll
[2013/08/20 21:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\catsrvps.dll
[2013/08/20 21:33:35 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\colbact.dll
[2013/08/20 21:33:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comrepl.exe
[2013/08/20 21:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\Com
[2013/08/20 21:33:34 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comsvcs.dll
[2013/08/20 21:33:34 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\comuid.dll
[2013/08/20 21:33:34 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\comuid.dll
[2013/08/20 21:33:34 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\clbcatq.dll
[2013/08/20 21:33:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipcima.dll
[2013/08/20 21:33:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmisvc.dll
[2013/08/20 21:33:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiprov.dll
[2013/08/20 21:33:30 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmidcprv.dll
[2013/08/20 21:33:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipdskq.dll
[2013/08/20 21:33:30 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiutils.dll
[2013/08/20 21:33:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipjobj.dll
[2013/08/20 21:33:30 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipiprt.dll
[2013/08/20 21:33:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmicookr.dll
[2013/08/20 21:33:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmipsess.dll
[2013/08/20 21:33:29 | 000,530,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcore.dll
[2013/08/20 21:33:29 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmic.exe
[2013/08/20 21:33:29 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemess.dll
[2013/08/20 21:33:29 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcomn.dll
[2013/08/20 21:33:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemupgd.dll
[2013/08/20 21:33:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiadap.exe
[2013/08/20 21:33:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcntl.dll
[2013/08/20 21:33:29 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemdisp.dll
[2013/08/20 21:33:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\viewprov.dll
[2013/08/20 21:33:29 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiapsrv.exe
[2013/08/20 21:33:29 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemtest.exe
[2013/08/20 21:33:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiaprpl.dll
[2013/08/20 21:33:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemcons.dll
[2013/08/20 21:33:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemsvc.dll
[2013/08/20 21:33:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wbemprox.dll
[2013/08/20 21:33:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\wmiapres.dll
[2013/08/20 21:33:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\provthrd.dll
[2013/08/20 21:33:28 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ntevt.dll
[2013/08/20 21:33:28 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\repdrvfs.dll
[2013/08/20 21:33:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mofd.dll
[2013/08/20 21:33:28 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\policman.dll
[2013/08/20 21:33:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\stdprov.dll
[2013/08/20 21:33:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\ncprov.dll
[2013/08/20 21:33:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\scrcons.exe
[2013/08/20 21:33:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\krnlprov.dll
[2013/08/20 21:33:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mofcomp.exe
[2013/08/20 21:33:27 | 001,352,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cimwin32.dll
[2013/08/20 21:33:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\esscli.dll
[2013/08/20 21:33:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\framedyn.dll
[2013/08/20 21:33:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\licwmi.dll
[2013/08/20 21:33:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\licwmi.dll
[2013/08/20 21:33:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\servdeps.dll
[2013/08/20 21:33:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\servdeps.dll
[2013/08/20 21:33:27 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\mmfutil.dll
[2013/08/20 21:33:27 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\mmfutil.dll
[2013/08/20 21:33:26 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\cmprops.dll
[2013/08/20 21:33:26 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\cmprops.dll
[2013/08/20 21:33:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents\My Videos
[2013/08/20 21:32:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Accessories
[2013/08/20 14:27:35 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\drivers\enum1394.sys
[2013/08/20 14:27:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\usbui.dll
[2013/08/20 14:26:33 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\drivers\battc.sys
[2013/08/20 14:22:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\NEW\Installer
[2013/08/20 14:22:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt041f.dll
[2013/08/20 14:22:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0419.dll
[2013/08/20 14:22:40 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdtuq.dll
[2013/08/20 14:22:40 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdtuf.dll
[2013/08/20 14:22:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdtuq.dll
[2013/08/20 14:22:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdtuf.dll
[2013/08/20 14:22:40 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdazel.dll
[2013/08/20 14:22:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdazel.dll
[2013/08/20 14:22:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0408.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdycc.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbduzb.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdur.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdtat.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdru1.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdru.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdmon.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdkyr.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdkaz.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdbu.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdblr.dll
[2013/08/20 14:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdaze.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdycc.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbduzb.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdur.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdtat.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdru1.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdru.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdmon.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdkyr.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdkaz.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdbu.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdblr.dll
[2013/08/20 14:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdaze.dll
[2013/08/20 14:22:37 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhept.dll
[2013/08/20 14:22:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhept.dll
[2013/08/20 14:22:37 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhela3.dll
[2013/08/20 14:22:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhela3.dll
[2013/08/20 14:22:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhela2.dll
[2013/08/20 14:22:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdgkl.dll
[2013/08/20 14:22:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhela2.dll
[2013/08/20 14:22:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdgkl.dll
[2013/08/20 14:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhe319.dll
[2013/08/20 14:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhe220.dll
[2013/08/20 14:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhe.dll
[2013/08/20 14:22:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhe319.dll
[2013/08/20 14:22:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhe220.dll
[2013/08/20 14:22:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhe.dll
[2013/08/20 14:22:36 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlt1.dll
[2013/08/20 14:22:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlt1.dll
[2013/08/20 14:22:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt040e.dll
[2013/08/20 14:22:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0415.dll
[2013/08/20 14:22:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\agt0405.dll
[2013/08/20 14:22:35 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlv1.dll
[2013/08/20 14:22:35 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlv.dll
[2013/08/20 14:22:35 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdest.dll
[2013/08/20 14:22:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlv1.dll
[2013/08/20 14:22:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlv.dll
[2013/08/20 14:22:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdest.dll
[2013/08/20 14:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdlt.dll
[2013/08/20 14:22:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdlt.dll
[2013/08/20 14:22:34 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcz.dll
[2013/08/20 14:22:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcz.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdycl.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdsl1.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdsl.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdpl.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhu.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcz2.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcz1.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdcr.dll
[2013/08/20 14:22:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\KBDAL.DLL
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdycl.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdsl1.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdsl.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdpl.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhu.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcz2.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcz1.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdcr.dll
[2013/08/20 14:22:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdal.dll
[2013/08/20 14:22:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdro.dll
[2013/08/20 14:22:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdpl1.dll
[2013/08/20 14:22:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\kbdhu1.dll
[2013/08/20 14:22:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdro.dll
[2013/08/20 14:22:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdpl1.dll
[2013/08/20 14:22:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\kbdhu1.dll
[2013/08/20 14:22:31 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\NEW\System32\dllcache\dgrpsetu.dll
[2013/08/20 14:22:31 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\NEW\System32\dgrpsetu.dll
[2013/08/20 14:22:31 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\NEW\System32\dllcache\dgsetup.dll
[2013/08/20 14:22:31 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\NEW\System32\dgsetup.dll
[2013/08/20 14:22:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\irclass.dll
[2013/08/20 14:22:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\irclass.dll
[2013/08/20 14:22:30 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MSVIDEO.DLL
[2013/08/20 14:22:30 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\NEW\System32\EqnClass.Dll
[2013/08/20 14:22:30 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\NEW\System32\dllcache\eqnclass.dll
[2013/08/20 14:22:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\OLECLI.DLL
[2013/08/20 14:22:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\NEW\System32\spxcoins.dll
[2013/08/20 14:22:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\NEW\System32\dllcache\spxcoins.dll
[2013/08/20 14:22:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\OLESVR.DLL
[2013/08/20 14:22:30 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\TAPI.DLL
[2013/08/20 14:22:30 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\WFWNET.DRV
[2013/08/20 14:22:30 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\VER.DLL
[2013/08/20 14:22:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\SHELL.DLL
[2013/08/20 14:22:30 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\TIMER.DRV
[2013/08/20 14:22:30 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\SYSTEM.DRV
[2013/08/20 14:22:30 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\VGA.DRV
[2013/08/20 14:22:30 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\SOUND.DRV
[2013/08/20 14:22:29 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\AVIFILE.DLL
[2013/08/20 14:22:29 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MCIAVI.DRV
[2013/08/20 14:22:29 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\AVICAP.DLL
[2013/08/20 14:22:29 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\COMMDLG.DLL
[2013/08/20 14:22:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MCIWAVE.DRV
[2013/08/20 14:22:29 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MCISEQ.DRV
[2013/08/20 14:22:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\TASKMAN.EXE
[2013/08/20 14:22:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\taskman.exe
[2013/08/20 14:22:29 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\LZEXPAND.DLL
[2013/08/20 14:22:29 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MOUSE.DRV
[2013/08/20 14:22:29 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\KEYBOARD.DRV
[2013/08/20 14:22:29 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MMTASK.TSK
[2013/08/20 14:22:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\WINSPOOL.DRV
[2013/08/20 14:22:28 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System\MMSYSTEM.DLL
[2013/08/20 14:22:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\irenum.sys
[2013/08/20 14:22:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\dllcache\batt.dll
[2013/08/20 14:22:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\batt.dll
[2013/08/20 14:22:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NEW\System32\storprop.dll
[2013/08/20 14:22:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup
[2013/08/20 14:22:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Start Menu
[2013/08/20 14:22:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.NEW\Documents
[2013/08/20 14:22:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.NEW\Templates
[2013/08/20 14:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Favorites
[2013/08/20 14:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.NEW\Desktop
[2013/08/20 14:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\CatRoot2
[2013/08/20 14:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\CatRoot
[2013/08/20 14:21:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.NEW\Application Data\Microsoft
[2013/08/20 14:21:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.NEW\Application Data
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\WinSxS
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\usmt
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Provisioning
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\PeerNet
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\mui
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\inetsrv
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\IME
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\ime
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\ehome
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\3com_dmi
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\3076
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\2052
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1054
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1042
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1041
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1037
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1033
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1031
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1028
[2013/08/20 14:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\1025
[2013/08/20 14:11:47 | 000,000,000 | R-SD | C] -- C:\WINDOWS\NEW\Fonts
[2013/08/20 14:11:47 | 000,000,000 | RHSD | C] -- C:\WINDOWS\NEW\System32\dllcache
[2013/08/20 14:11:47 | 000,000,000 | R--D | C] -- C:\WINDOWS\NEW\Web
[2013/08/20 14:11:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\NEW\inf
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\wins
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\wbem
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\twain_32
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Temp
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\system32
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\system
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\spool
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\ShellExt
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\Setup
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\security
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Resources
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\repair
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\ras
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\pchealth
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\oobe
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\npp
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\mui
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\msapps
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\msagent
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Media
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\java
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\icsxml
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\ias
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Help
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\export
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\drivers\etc
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\drivers
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Driver Cache
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\drivers\disdn
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\dhcp
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\dell
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Debug
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Cursors
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Connection Wizard
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\System32\config
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\Config
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\AppPatch
[2013/08/20 14:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW\addins
[2013/08/16 16:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/27 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/27 07:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[5 C:\WINDOWS\NEW\*.tmp files -> C:\WINDOWS\NEW\*.tmp -> ]
[1 C:\WINDOWS\NEW\System32\*.tmp files -> C:\WINDOWS\NEW\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/23 18:48:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\NEW\System32\drivers\mbamswissarmy.sys
[2013/08/23 18:44:39 | 000,380,918 | ---- | M] () -- C:\WINDOWS\NEW\System32\perfh009.dat
[2013/08/23 18:44:39 | 000,053,166 | ---- | M] () -- C:\WINDOWS\NEW\System32\perfc009.dat
[2013/08/23 18:40:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\NEW\bootstat.dat
[2013/08/23 17:54:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\NEW\System32\wpa.dbl
[2013/08/23 17:54:29 | 177,668,096 | ---- | M] () -- C:\WINDOWS\NEW\MEMORY.DMP
[2013/08/23 14:45:35 | 2136,969,216 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/21 10:41:50 | 009,167,352 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\HitmanPro.exe
[2013/08/21 10:26:07 | 000,093,480 | ---- | M] () -- C:\WINDOWS\NEW\System32\FNTCACHE.DAT
[2013/08/20 22:24:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\NEW\WMSysPr9.prx
[2013/08/20 22:19:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\NEW\imsins.BAK
[2013/08/20 22:15:18 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\Media Center.lnk
[2013/08/20 22:04:59 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users.NEW\Desktop\ESPN Motion.lnk
[2013/08/20 22:04:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings\Application Data\fusioncache.dat
[2013/08/20 21:51:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\NEW\REGLOCS.OLD
[2013/08/20 21:49:28 | 000,000,629 | ---- | M] () -- C:\WINDOWS\NEW\System32\$winnt$.inf
[2013/08/20 21:44:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\NEW\System32\CONFIG.NT
[2013/08/20 21:44:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\NEW\System32\nscompat.tlb
[2013/08/20 21:44:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\NEW\System32\amcompat.tlb
[2013/08/20 21:43:39 | 000,004,337 | ---- | M] () -- C:\WINDOWS\NEW\ODBCINST.INI
[2013/08/20 21:37:03 | 000,021,640 | ---- | M] () -- C:\WINDOWS\NEW\System32\emptyregdb.dat
[2013/08/20 21:33:17 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\NEW\*.tmp files -> C:\WINDOWS\NEW\*.tmp -> ]
[1 C:\WINDOWS\NEW\System32\*.tmp files -> C:\WINDOWS\NEW\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/21 10:26:05 | 177,668,096 | ---- | C] () -- C:\WINDOWS\NEW\MEMORY.DMP
[2013/08/20 22:22:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Media Center.lnk
[2013/08/20 22:15:18 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Desktop\Media Center.lnk
[2013/08/20 22:04:59 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Desktop\ESPN Motion.lnk
[2013/08/20 22:04:52 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Local Settings\Application Data\fusioncache.dat
[2013/08/20 21:52:08 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu\Programs\Remote Assistance.lnk
[2013/08/20 21:52:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.ERIC-2894F89078\Start Menu\Programs\Windows Media Player.lnk
[2013/08/20 21:51:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\NEW\REGLOCS.OLD
[2013/08/20 21:49:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\NEW\bootstat.dat
[2013/08/20 21:47:43 | 000,175,104 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\pintlcsa.dll
[2013/08/20 21:47:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\korwbrkr.lex
[2013/08/20 21:46:57 | 000,059,392 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\imscinst.exe
[2013/08/20 21:46:56 | 000,196,665 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\imjpinst.exe
[2013/08/20 21:46:55 | 000,134,339 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\imekr.lex
[2013/08/20 21:46:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\hwxjpn.dll
[2013/08/20 21:46:44 | 000,108,827 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\hanja.lex
[2013/08/20 21:46:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\fpencode.dll
[2013/08/20 21:46:19 | 000,173,568 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\chtskf.dll
[2013/08/20 21:44:20 | 000,002,577 | ---- | C] () -- C:\WINDOWS\NEW\System32\CONFIG.NT
[2013/08/20 21:44:09 | 000,023,392 | ---- | C] () -- C:\WINDOWS\NEW\System32\nscompat.tlb
[2013/08/20 21:44:09 | 000,016,832 | ---- | C] () -- C:\WINDOWS\NEW\System32\amcompat.tlb
[2013/08/20 21:44:08 | 000,316,640 | ---- | C] () -- C:\WINDOWS\NEW\WMSysPr9.prx
[2013/08/20 21:40:47 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Windows Movie Maker.lnk
[2013/08/20 21:40:20 | 004,399,505 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\nls302en.lex
[2013/08/20 21:39:50 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\NEW\winnt256.bmp
[2013/08/20 21:39:50 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\NEW\winnt.bmp
[2013/08/20 21:39:45 | 000,000,984 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\srframe.mmf
[2013/08/20 21:39:26 | 000,376,320 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\msinfo.dll
[2013/08/20 21:37:10 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Windows Messenger.lnk
[2013/08/20 21:37:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\NEW\System32\emptyregdb.dat
[2013/08/20 21:35:58 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.NEW\Start Menu\Programs\MSN.lnk
[2013/08/20 21:35:04 | 000,011,452 | ---- | C] () -- C:\WINDOWS\NEW\System32\mypixdx.chm
[2013/08/20 21:34:13 | 010,604,352 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\ehcir.ird
[2013/08/20 21:33:53 | 000,065,954 | ---- | C] () -- C:\WINDOWS\NEW\Prairie Wind.bmp
[2013/08/20 21:33:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\NEW\Santa Fe Stucco.bmp
[2013/08/20 21:33:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\NEW\River Sumida.bmp
[2013/08/20 21:33:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\NEW\Greenstone.bmp
[2013/08/20 21:33:53 | 000,017,362 | ---- | C] () -- C:\WINDOWS\NEW\Rhododendron.bmp
[2013/08/20 21:33:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\NEW\Gone Fishing.bmp
[2013/08/20 21:33:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\NEW\Zapotec.bmp
[2013/08/20 21:33:52 | 000,065,978 | ---- | C] () -- C:\WINDOWS\NEW\Soap Bubbles.bmp
[2013/08/20 21:33:52 | 000,017,062 | ---- | C] () -- C:\WINDOWS\NEW\Coffee Bean.bmp
[2013/08/20 21:33:52 | 000,016,730 | ---- | C] () -- C:\WINDOWS\NEW\FeatherTexture.bmp
[2013/08/20 21:33:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\NEW\Blue Lace 16.bmp
[2013/08/20 21:33:50 | 000,003,286 | ---- | C] () -- C:\WINDOWS\NEW\System32\tslabels.h
[2013/08/20 21:33:50 | 000,001,161 | ---- | C] () -- C:\WINDOWS\NEW\System32\usrlogon.cmd
[2013/08/20 21:33:49 | 000,000,768 | ---- | C] () -- C:\WINDOWS\NEW\System32\msdtcprf.h
[2013/08/20 21:33:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\NEW\System32\wmimgmt.msc
[2013/08/20 14:22:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\NEW\imsins.BAK
[2013/08/20 14:22:48 | 000,004,337 | ---- | C] () -- C:\WINDOWS\NEW\ODBCINST.INI
[2013/08/20 14:22:29 | 000,001,688 | ---- | C] () -- C:\WINDOWS\NEW\System32\AUTOEXEC.NT
[2013/08/20 14:22:03 | 000,141,702 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\netfx.cat
[2013/08/20 14:22:03 | 000,130,715 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\mediactr.cat
[2013/08/20 14:22:03 | 000,110,116 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\tabletpc.cat
[2013/08/20 14:22:03 | 000,077,881 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\plus.cat
[2013/08/20 14:22:03 | 000,037,484 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MW770.CAT
[2013/08/20 14:22:03 | 000,031,281 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\FP4.CAT
[2013/08/20 14:22:03 | 000,024,209 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\msn7.cat
[2013/08/20 14:22:03 | 000,017,916 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\sonic.cat
[2013/08/20 14:22:03 | 000,013,753 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\IMS.CAT
[2013/08/20 14:22:03 | 000,013,472 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\HPCRDP.CAT
[2013/08/20 14:22:03 | 000,011,651 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\msn9.cat
[2013/08/20 14:22:03 | 000,009,581 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MSMSGS.CAT
[2013/08/20 14:22:03 | 000,008,574 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\IASNT4.CAT
[2013/08/20 14:22:03 | 000,007,710 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\OEMBIOS.CAT
[2013/08/20 14:22:03 | 000,007,334 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\wmerrenu.cat
[2013/08/20 14:22:03 | 000,007,245 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MSTSWEB.CAT
[2013/08/20 14:22:02 | 002,008,817 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\NT5.CAT
[2013/08/20 14:22:02 | 000,797,189 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\NT5IIS.CAT
[2013/08/20 14:22:02 | 000,505,647 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\NT5INF.CAT
[2013/08/20 14:22:02 | 000,399,645 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\MAPIMIG.CAT
[2013/08/20 14:22:02 | 000,106,147 | ---- | C] () -- C:\WINDOWS\NEW\System32\dllcache\SP2.CAT
[2013/08/20 14:20:59 | 000,093,480 | ---- | C] () -- C:\WINDOWS\NEW\System32\FNTCACHE.DAT
[2013/08/20 14:19:57 | 000,000,629 | ---- | C] () -- C:\WINDOWS\NEW\System32\$winnt$.inf
[2013/07/27 09:07:30 | 2136,969,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/11 18:09:18 | 000,591,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-101352598-1718382687-2486076142-1005-0.dat
[2011/12/26 05:32:54 | 000,277,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2008/07/17 19:42:39 | 070,492,160 | ---- | C] () -- C:\Program Files\sym11_32.exe
[2008/07/17 18:38:19 | 535,003,136 | ---- | C] () -- C:\Program Files\msoffice2007.exe

========== ZeroAccess Check ==========

[2013/08/20 21:37:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\NEW\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/03/30 02:27:01 | 001,495,040 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\NEW\system32\wbem\fastprox.dll -- [2004/08/10 04:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\NEW\system32\wbem\wbemess.dll -- [2004/08/10 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#7
ericthefish

AAAggh! Sorry, posted the old one again!

Here is the result from the correct scan:
OTL logfile created on: 8/27/2013 11:48:10 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 10.36 Gb Free Space | 13.91% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (gusvc)
SRV - File not found [On_Demand] -- -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand] -- -- (GoogleDesktopManager-010708-104812)
SRV - [2013/08/16 19:59:18 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/11 12:21:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/01 09:58:31 | 000,248,320 | -HS- | M] () [Auto] -- C:\Program Files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\ \ \ﯹ๛\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\GoogleUpdate.exe [WARNING: C:\Program Files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\ \ \???\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\GoogleUpdate.exe] -- (etadpug) Google Update Service (gupdate)
SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/18 13:08:41 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/04/29 15:51:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/04/29 15:51:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/04/29 15:51:56 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/04/29 15:51:54 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/29 15:51:54 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/12/05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2003/08/08 19:29:18 | 000,106,496 | ---- | M] (BRIGADOON SOFTWARE INC.) [Auto] -- C:\WINDOWS\system32\tskman.exe -- (Task Manager Lite)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/08/20 20:37:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/17 04:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130818.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/17 04:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130818.019\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/22 18:49:32 | 000,014,776 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/03/26 19:37:12 | 000,017,360 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/26 19:37:10 | 000,031,520 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2013/03/23 15:51:42 | 000,247,968 | ---- | M] (IObit) [File_System | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/10/18 08:25:30 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/14 19:00:30 | 000,052,312 | ---- | M] (NCH Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011/03/16 19:00:46 | 000,140,848 | ---- | M] (IObit Information Technology) [File_System | Auto] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/04/13 02:00:20 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/04/13 02:00:20 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/04/13 02:00:18 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/17 22:45:50 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/29 15:51:58 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/04/29 15:51:58 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/04/29 15:51:58 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/04/29 15:51:50 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/12/05 18:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/26 15:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 11:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2007/03/13 00:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/17 07:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...9-0021864884E0}
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\EricB_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\EricB_ON_C\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - Reg Error: Key error. File not found
IE - HKU\EricB_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/12 09:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/16 19:54:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 19:55:35 | 000,000,000 | ---D | M]

[2013/08/16 19:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 19:54:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/08/16 19:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 19:59:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/30 09:34:27 | 000,080,184 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/03/30 09:34:30 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/10/29 10:43:38 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/10/29 10:43:50 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/10/29 10:41:52 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/06/27 16:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2013/05/11 06:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/07 21:41:31 | 000,126,976 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2012/10/18 13:25:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/10/18 13:25:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/10/18 13:25:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/10/18 13:25:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/10/18 13:25:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/10/18 13:25:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/10/18 13:25:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found.
O2 - BHO: (no name) - {878B8524-AED5-4870-9A96-A515440DAC75} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\EricB_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\EricB_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\EricB_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [PowerDVD DX] File not found
O4 - HKU\.DEFAULT..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
O4 - HKU\.DEFAULT..\Run: [Temp] File not found
O4 - HKU\.DEFAULT..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
O4 - HKU\EricB_ON_C..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\EricB\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
O4 - HKU\EricB_ON_C..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\EricB_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\EricB_ON_C..\Run: [Decisioneering Update] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\EricB_ON_C..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\EricB_ON_C..\Run: [PowerDVD DX] File not found
O4 - HKU\EricB_ON_C..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
O4 - HKU\EricB_ON_C..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
O4 - HKU\LocalService_ON_C..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
O4 - HKU\LocalService_ON_C..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [PowerDVD DX] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
O4 - HKU\LocalService_ON_C..\Run: [Temp] File not found
O4 - HKU\LocalService_ON_C..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
O4 - HKU\NetworkService_ON_C..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
O4 - HKU\NetworkService_ON_C..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [PowerDVD DX] File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
O4 - HKU\NetworkService_ON_C..\Run: [Temp] File not found
O4 - HKU\NetworkService_ON_C..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
O4 - HKU\EricB_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [Adobe CSS5.1 Manager] C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
O4 - HKU\NetworkService_ON_C..\RunOnce: [Adobe CSS5.1 Manager] C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\EricB_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\EricB_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\EricB_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: eeebebad = C:\Documents and Settings\EricB\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\EricB_ON_C Winlogon: Shell - (C:\Documents and Settings\EricB\Application Data\dbu32.ocx) - C:\Documents and Settings\EricB\Application Data\dbu32.ocx ()
O20 - HKU\EricB_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2013/08/24 02:04:15 | 000,000,000 | ---D | C] -- C:\Inetpub
[2013/08/21 09:05:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/21 01:13:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/21 01:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\RGB
[2013/08/21 01:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIGStream
[2013/08/21 01:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESPNMotion
[2013/08/21 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\GemMaster
[2013/08/21 01:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\EnglishOtto
[2013/08/21 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2013/08/20 20:28:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/20 17:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NEW
[2013/08/16 19:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/31 21:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Local Settings\Application Data\Decisioneering
[2013/07/31 21:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\xdus
[2013/07/29 09:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Local Settings\Application Data\Cyberlink
[2013/07/28 08:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Desktop\Old Firefox Data
[2013/07/27 13:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/27 12:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\tasks\TaskDisabled
[2013/07/27 10:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/07/07 16:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/07/07 16:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Application Data\SearchProtect
[2013/07/07 16:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\OtShot
[2013/07/07 16:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2013/07/07 14:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Application Data\Malwarebytes
[2013/07/07 14:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/07 14:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/07 14:47:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/07/07 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/06 19:10:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/07/06 16:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad
[2013/07/06 16:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad
[2013/07/06 15:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/08/27 23:46:14 | 000,000,323 | -HS- | M] () -- C:\boot.ini
[2013/08/23 22:21:49 | 000,010,250 | ---- | M] () -- C:\WINDOWS\cuwsvca.wsh
[2013/08/23 22:19:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce4ebe3f250d8e.job
[2013/08/23 22:19:17 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2013/08/23 22:19:17 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\ASC6_AutoClean.job
[2013/08/23 22:19:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2013/08/23 22:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/23 22:18:01 | 2136,969,216 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/23 17:46:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/20 20:41:41 | 000,122,685 | ---- | M] () -- C:\WINDOWS\zjy.nth
[2013/08/20 20:37:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/20 20:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/20 20:20:59 | 200,249,344 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/08/20 07:51:24 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/08/20 07:51:09 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/08/20 07:40:51 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/08/20 07:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/20 07:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/18 12:14:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2013/08/17 16:45:54 | 001,169,395 | ---- | M] () -- C:\Documents and Settings\EricB\Desktop\IMG_1034.MOV
[2013/08/17 16:45:37 | 000,474,841 | ---- | M] () -- C:\Documents and Settings\EricB\Desktop\IMG_1030.MOV
[2013/08/15 16:36:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/13 14:45:57 | 000,105,561 | ---- | M] () -- C:\Documents and Settings\EricB\Desktop\yard sale.pdf
[2013/08/11 12:21:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/11 12:21:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/10 12:45:14 | 000,277,882 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/04 15:13:22 | 000,285,754 | ---- | M] () -- C:\WINDOWS\cmi.iuu
[2013/08/04 14:17:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\EricB\out.bin
[2013/07/31 21:26:15 | 000,069,484 | ---- | M] () -- C:\WINDOWS\qnqr.prp
[2013/07/27 13:28:48 | 000,591,112 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-101352598-1718382687-2486076142-1005-0.dat
[2013/07/27 13:06:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\EricB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/27 13:06:29 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/27 13:06:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/27 12:25:46 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/07/27 12:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/07/27 12:02:41 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2013/07/27 12:02:41 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/07/27 12:02:40 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\EricB\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2013/07/27 12:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
[2013/07/07 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2013/07/07 16:30:22 | 000,000,009 | ---- | M] () -- C:\END
[2013/07/07 14:47:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/07 14:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/07 09:07:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\googleupdate340139.exe
[2013/07/07 09:06:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\acrobatreader890357.exe
[2013/07/07 09:06:49 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\EricB\notepad798658.exe
[2013/07/07 09:06:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\vlcplayer229362.exe
[2013/07/07 09:06:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\conhost637474.exe
[2013/07/06 18:40:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\windowsupdate989896.exe
[2013/07/06 18:39:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\java.exe
[2013/07/06 18:17:10 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\EricB\jucheck.exe
[2013/07/06 18:16:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\flashplayer.exe
[2013/07/06 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2013/07/06 17:53:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionReminder.job
[2013/07/06 17:53:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionDowngrade.job
[2013/07/06 16:47:12 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\{64DABBA6-FF6F-4D60-A5AE-907B2830DF74}.job
[2013/07/06 16:12:55 | 000,000,368 | -H-- | M] () -- C:\WINDOWS\tasks\{D8CB5D99-28F5-4E8E-9880-585F332A9A5A}.job
[2013/07/06 16:02:01 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\EricB\mstsc.exe
[2013/07/06 16:01:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\alg.exe
[2013/07/06 16:01:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\jqs.exe
[2013/07/06 16:01:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\skype.exe
[2013/07/06 15:53:21 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\EricB\vlcplayer.exe
[2013/07/06 15:53:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\acrobatreader.exe
[2013/07/06 15:53:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\opera.exe
[2013/07/06 15:38:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\msconfig.exe
[2013/07/06 15:35:14 | 000,000,338 | -H-- | M] () -- C:\WINDOWS\tasks\{79F3FA33-EC00-4BA6-A142-6C18B3151625}.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/20 07:51:24 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/08/20 07:51:06 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/08/20 07:40:53 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/08/17 16:45:49 | 001,169,395 | ---- | C] () -- C:\Documents and Settings\EricB\Desktop\IMG_1034.MOV
[2013/08/17 16:45:15 | 000,474,841 | ---- | C] () -- C:\Documents and Settings\EricB\Desktop\IMG_1030.MOV
[2013/08/13 14:45:57 | 000,105,561 | ---- | C] () -- C:\Documents and Settings\EricB\Desktop\yard sale.pdf
[2013/08/04 14:17:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\EricB\out.bin
[2013/07/31 21:25:45 | 000,285,754 | ---- | C] () -- C:\WINDOWS\cmi.iuu
[2013/07/31 21:25:45 | 000,069,484 | ---- | C] () -- C:\WINDOWS\qnqr.prp
[2013/07/31 21:25:38 | 000,122,685 | ---- | C] () -- C:\WINDOWS\zjy.nth
[2013/07/31 21:22:13 | 000,010,250 | ---- | C] () -- C:\WINDOWS\cuwsvca.wsh
[2013/07/27 13:06:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\EricB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/27 13:06:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/27 13:06:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/27 12:23:30 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\ASC6_AutoClean.job
[2013/07/27 12:07:30 | 2136,969,216 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/07 14:47:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/07 09:07:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\googleupdate340139.exe
[2013/07/07 09:06:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\acrobatreader890357.exe
[2013/07/07 09:06:47 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\EricB\notepad798658.exe
[2013/07/07 09:06:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\vlcplayer229362.exe
[2013/07/07 09:06:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\conhost637474.exe
[2013/07/06 18:40:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\windowsupdate989896.exe
[2013/07/06 18:39:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\java.exe
[2013/07/06 18:17:08 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\EricB\jucheck.exe
[2013/07/06 18:16:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\flashplayer.exe
[2013/07/06 17:57:31 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/07/06 17:53:35 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\DoxillionReminder.job
[2013/07/06 17:53:35 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\DoxillionDowngrade.job
[2013/07/06 16:13:44 | 000,000,344 | -H-- | C] () -- C:\WINDOWS\tasks\{64DABBA6-FF6F-4D60-A5AE-907B2830DF74}.job
[2013/07/06 16:12:54 | 000,000,368 | -H-- | C] () -- C:\WINDOWS\tasks\{D8CB5D99-28F5-4E8E-9880-585F332A9A5A}.job
[2013/07/06 16:01:57 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\EricB\mstsc.exe
[2013/07/06 16:01:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\alg.exe
[2013/07/06 16:01:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\jqs.exe
[2013/07/06 16:01:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\skype.exe
[2013/07/06 15:53:19 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\EricB\vlcplayer.exe
[2013/07/06 15:53:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\acrobatreader.exe
[2013/07/06 15:53:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\opera.exe
[2013/07/06 15:38:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\msconfig.exe
[2013/07/06 15:35:13 | 000,000,338 | -H-- | C] () -- C:\WINDOWS\tasks\{79F3FA33-EC00-4BA6-A142-6C18B3151625}.job
[2013/05/07 09:27:28 | 000,198,656 | ---- | C] () -- C:\Documents and Settings\EricB\Application Data\dbu32.ocx
[2012/03/11 21:09:18 | 000,591,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-101352598-1718382687-2486076142-1005-0.dat
[2011/12/26 08:32:54 | 000,277,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/20 11:01:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/17 10:02:02 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 09:58:27 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 09:58:26 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/05/29 14:23:16 | 000,012,306 | -HS- | C] () -- C:\Documents and Settings\EricB\Local Settings\Application Data\e32lig0acfqskqq
[2011/05/29 14:23:16 | 000,012,306 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\e32lig0acfqskqq
[2009/08/15 12:00:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\EricB\Application Data\$_hpcst$.hpc
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/20 15:01:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/07/01 08:35:23 | 001,518,462 | ---- | C] () -- C:\Documents and Settings\EricB\IMG_0191.JPG
[2009/07/01 08:30:56 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\EricB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/08 09:45:48 | 000,000,187 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/11/07 08:18:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/21 08:06:56 | 000,002,851 | ---- | C] () -- C:\WINDOWS\helpwri.dat
[2008/08/07 21:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/17 22:42:39 | 070,492,160 | ---- | C] () -- C:\Program Files\sym11_32.exe
[2008/07/17 21:38:19 | 535,003,136 | ---- | C] () -- C:\Program Files\msoffice2007.exe
[2008/07/16 19:01:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\Local Settings\Application Data\WavXMapDrive.bat
[2008/07/11 18:29:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/11 18:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/07/11 18:22:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
[2008/07/11 18:08:10 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/07/11 18:05:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/07/11 18:05:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/07/11 17:20:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/07/11 17:19:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/07/11 17:17:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/13 15:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,507,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,088,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2013/05/06 06:49:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2013/04/24 13:09:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\IObit
[2008/07/11 18:13:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Wave Systems Corp
[2008/07/11 18:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2008/12/04 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Decisioneering
[2011/12/23 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\GARMIN
[2012/03/24 11:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\HTC
[2012/05/20 08:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013/06/23 18:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\IObit
[2013/06/03 15:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Juniper Networks
[2012/07/03 06:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Oracle
[2013/06/23 17:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\PriceGong
[2013/07/07 16:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\SearchProtect
[2009/08/24 18:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Smith Micro
[2013/06/23 18:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Strongvault
[2008/08/20 22:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\think-cell
[2008/07/11 18:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Wave Systems Corp
[2012/03/30 09:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\webex
[2008/08/20 20:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Windows Desktop Search
[2008/08/20 20:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EricB\Application Data\Windows Search
[2008/12/04 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering
[2011/12/23 17:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2013/05/06 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/01/17 17:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/07/11 18:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2013/06/23 18:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2008/08/24 08:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2013/06/23 18:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2008/07/11 18:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/01/12 22:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/08/20 07:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xdus
[2013/07/07 16:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2013/05/06 06:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/08/23 22:19:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2013/08/23 22:19:17 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\ASC6_AutoClean.job
[2013/08/23 22:19:17 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2013/08/18 12:14:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2012/05/23 21:27:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2013/07/06 17:53:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionDowngrade.job
[2013/07/06 17:53:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionReminder.job
[2013/07/07 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2012/05/21 20:53:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\videopadSevenDays.job
[2012/05/17 20:56:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2013/07/06 16:47:12 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\Tasks\{64DABBA6-FF6F-4D60-A5AE-907B2830DF74}.job
[2013/07/06 15:35:14 | 000,000,338 | -H-- | M] () -- C:\WINDOWS\Tasks\{79F3FA33-EC00-4BA6-A142-6C18B3151625}.job
[2013/07/06 16:12:55 | 000,000,368 | -H-- | M] () -- C:\WINDOWS\Tasks\{D8CB5D99-28F5-4E8E-9880-585F332A9A5A}.job

========== Purity Check ==========


< End of report >

#8
gringo_pr

Hello XXX

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the text box.
    :OTL
    O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe ()
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\.DEFAULT..\Run: [PowerDVD DX] File not found
    O4 - HKU\.DEFAULT..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
    O4 - HKU\.DEFAULT..\Run: [Temp] File not found
    O4 - HKU\.DEFAULT..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
    O4 - HKU\EricB_ON_C..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\EricB\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
    O4 - HKU\EricB_ON_C..\Run: [Google Update] Reg Error: Value error. File not found
    O4 - HKU\EricB_ON_C..\Run: [PowerDVD DX] File not found
    O4 - HKU\EricB_ON_C..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
    O4 - HKU\EricB_ON_C..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
    O4 - HKU\LocalService_ON_C..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
    O4 - HKU\LocalService_ON_C..\Run: [PowerDVD DX] File not found
    O4 - HKU\LocalService_ON_C..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
    O4 - HKU\LocalService_ON_C..\Run: [Temp] File not found
    O4 - HKU\LocalService_ON_C..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
    O4 - HKU\NetworkService_ON_C..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
    O4 - HKU\NetworkService_ON_C..\Run: [PowerDVD DX] File not found
    O4 - HKU\NetworkService_ON_C..\Run: [Sun] C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll (CANON INC.)
    O4 - HKU\NetworkService_ON_C..\Run: [Temp] File not found
    O4 - HKU\NetworkService_ON_C..\Run: [VisualBeeExe] C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll (CANON INC.)
    O4 - HKU\EricB_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\LocalService_ON_C..\RunOnce: [Adobe CSS5.1 Manager] C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
    O4 - HKU\NetworkService_ON_C..\RunOnce: [Adobe CSS5.1 Manager] C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
    [2013/07/07 16:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
    [2013/07/07 16:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EricB\Application Data\SearchProtect
    [2013/07/07 16:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\OtShot
    [2013/08/20 07:51:24 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
    [2013/08/20 07:51:09 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
    [2013/08/20 07:40:51 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
    [2013/07/07 09:07:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\googleupdate340139.exe
    [2013/07/07 09:06:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\acrobatreader890357.exe
    [2013/07/07 09:06:49 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\EricB\notepad798658.exe
    [2013/07/07 09:06:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\vlcplayer229362.exe
    [2013/07/07 09:06:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\conhost637474.exe
    [2013/07/06 18:40:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\windowsupdate989896.exe
    [2013/07/06 18:39:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\java.exe
    [2013/07/06 18:17:10 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\EricB\jucheck.exe
    [2013/07/06 18:16:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\EricB\flashplayer.exe
    [2013/07/06 16:01:57 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\EricB\mstsc.exe
    [2013/07/06 16:01:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\alg.exe
    [2013/07/06 16:01:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\jqs.exe
    [2013/07/06 16:01:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\skype.exe
    [2013/07/06 15:53:19 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\EricB\vlcplayer.exe
    [2013/07/06 15:53:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\acrobatreader.exe
    [2013/07/06 15:53:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\opera.exe
    [2013/07/06 15:38:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\EricB\msconfig.exe
    [2011/05/29 14:23:16 | 000,012,306 | -HS- | C] () -- C:\Documents and Settings\EricB\Local Settings\Application Data\e32lig0acfqskqq
    [2011/05/29 14:23:16 | 000,012,306 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\e32lig0acfqskqq
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo

#9
ericthefish

Hi Gringo,

ran the fix, and the results are below from the log file. The system booted with the original XP OS, and the ransomware seems to be gone. The system is very slow, though, and I am getting a repeating popup with "Symantec AntiVirus Detection Results" that says Trojan.Zeroaccess.C has been removed. I have to say that I was getting similar messages prior to the attack by Arestocrat. Don't know if they're related, but the system stability still doesn't seem as it should be.

Thanks again for your time, here is the log file:

Eric

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch deleted successfully.
C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\PowerDVD DX deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Sun deleted successfully.
C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Temp deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\VisualBeeExe deleted successfully.
C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll moved successfully.
Registry value HKEY_USERS\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager deleted successfully.
C:\Documents and Settings\EricB\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe moved successfully.
Registry value HKEY_USERS\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_USERS\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\PowerDVD DX deleted successfully.
Registry value HKEY_USERS\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Sun deleted successfully.
File C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll not found.
Registry value HKEY_USERS\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\VisualBeeExe deleted successfully.
File C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll not found.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe moved successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\PowerDVD DX deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Sun deleted successfully.
File C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll not found.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Temp deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\VisualBeeExe deleted successfully.
File C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll not found.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe moved successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\PowerDVD DX deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Sun deleted successfully.
File C:\Documents and Settings\EricB\Local Settings\Application Data\CRE\Sun\fagcbo.dll not found.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Temp deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\VisualBeeExe deleted successfully.
File C:\Documents and Settings\EricB\Local Settings\Application Data\Apple\VisualBeeExe\dgehneapae.dll not found.
Registry value HKEY_USERS\EricB_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe moved successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager deleted successfully.
File C:\Documents and Settings\LocalService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe not found.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager deleted successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\50e417e0-e461-474b-96e2-077b80325612ad\eeebebad.exe not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe moved successfully.
C:\Program Files\SearchProtect\ffprotect folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\lib folder moved successfully.
C:\Program Files\SearchProtect\Dialogs folder moved successfully.
C:\Program Files\SearchProtect\bin folder moved successfully.
C:\Program Files\SearchProtect folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Res folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect\Dialogs folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\ffprotect folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Dialogs\lib folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\Dialogs folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect\bin folder moved successfully.
C:\Documents and Settings\EricB\Application Data\SearchProtect folder moved successfully.
C:\Program Files\OtShot folder moved successfully.
C:\Documents and Settings\All Users\Application Data\1.bmp moved successfully.
C:\Documents and Settings\All Users\Application Data\1.jpg moved successfully.
File C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe not found.
C:\Documents and Settings\EricB\googleupdate340139.exe moved successfully.
C:\Documents and Settings\EricB\acrobatreader890357.exe moved successfully.
C:\Documents and Settings\EricB\notepad798658.exe moved successfully.
C:\Documents and Settings\EricB\vlcplayer229362.exe moved successfully.
C:\Documents and Settings\EricB\conhost637474.exe moved successfully.
C:\Documents and Settings\EricB\windowsupdate989896.exe moved successfully.
C:\Documents and Settings\EricB\java.exe moved successfully.
C:\Documents and Settings\EricB\jucheck.exe moved successfully.
C:\Documents and Settings\EricB\flashplayer.exe moved successfully.
C:\Documents and Settings\EricB\mstsc.exe moved successfully.
C:\Documents and Settings\EricB\alg.exe moved successfully.
C:\Documents and Settings\EricB\jqs.exe moved successfully.
C:\Documents and Settings\EricB\skype.exe moved successfully.
C:\Documents and Settings\EricB\vlcplayer.exe moved successfully.
C:\Documents and Settings\EricB\acrobatreader.exe moved successfully.
C:\Documents and Settings\EricB\opera.exe moved successfully.
C:\Documents and Settings\EricB\msconfig.exe moved successfully.
C:\Documents and Settings\EricB\Local Settings\Application Data\e32lig0acfqskqq moved successfully.
C:\Documents and Settings\All Users\Application Data\e32lig0acfqskqq moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptyjava]> in the current context!

[EMPTYFLASH]

User: Administrator
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.ERIC-2894F89078
->Temp folder emptied: 240691 bytes
->Temporary Internet Files folder emptied: 128663 bytes

User: All Users

User: All Users.NEW

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes

User: Default User.NEW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: EricB
->Temp folder emptied: 24237848 bytes
->Temporary Internet Files folder emptied: 92545800 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 369625535 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9909591 bytes

User: LocalService
->Temp folder emptied: 106760 bytes
->Temporary Internet Files folder emptied: 1046341 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 91038 bytes
->Temporary Internet Files folder emptied: 90939704 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

Total Flash Files Cleaned = 562.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 08282013_011047

#10
gringo_pr

Hello ericthefish

At least we got it booted and now we can start going after everything else

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


#11
ericthefish

Hi Gringo,

AdwCleaner report:

# AdwCleaner v3.001 - Report created 28/08/2013 at 22:20:52
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : EricB - ERIC
# Running from : C:\Documents and Settings\EricB\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SoftwareUpdater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\EricB\IECompatCache
Folder Deleted : C:\Documents and Settings\EricB\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\EricB\Local Settings\Application Data\cre
Folder Deleted : C:\Documents and Settings\EricB\Local Settings\Application Data\DownloadGuide
Folder Deleted : C:\Documents and Settings\EricB\Local Settings\Application Data\visualbeeexe
Folder Deleted : C:\Documents and Settings\EricB\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\EricB\My Documents\RegClean
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\EricB\Application Data\Mozilla\Firefox\Profiles\b7zottkf.default-1375016357703\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\EricB\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3861 octets] - [28/08/2013 22:18:40]
AdwCleaner[S0].txt - [3668 octets] - [28/08/2013 22:20:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3728 octets] ##########


JRT Report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Microsoft Windows XP x86
Ran by EricB on Wed 08/28/2013 at 22:36:26.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15ED9A55-EE5B-469C-AABC-FA087C9A1342}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\nsprotector.js"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\EricB\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\EricB\Local Settings\Application Data\visualbee_v.1"
Successfully deleted: [Folder] "C:\Program Files\visualbee_v.1"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\EricB\Application Data\mozilla\firefox\profiles\b7zottkf.default-1375016357703\extensions\[email protected] [Tracur]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/28/2013 at 22:51:56.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


thanks,

Eric

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello ericthefish

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13
ericthefish

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi Gringo,

ComboFix report is below.

This ran OK, installed recovery console, etc.

Prior to running the program, I disabled anti-malware and anti-virus, but ComboFix seemed to think that my Symantec Endpoint Protection was still active. I checked again and verified it was disabled, then ran on with ComboFix.

The system did not reboot after the scan was done, but I couldn't connect to the internet with a browser, even though the connection was fine. Rebooted and things seem pretty normal now.

Eric

ComboFix 13-08-29.02 - EricB 08/29/2013 19:50:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1277 [GMT -4:00]
Running from: c:\documents and settings\EricB\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\@
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\GoogleUpdate.exe
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\docume~1\EricB\LOCALS~1\APPLIC~1\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\C3C1~1\01C8~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\documents and settings\EricB\Application Data\dbu32.ocx
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\@
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\program files\Google\Desktop\Install\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\0103~1\0103~1\CFFE~1\{2d594619-9126-58c0-c9d1-67dd24c8f6ab}\U\[email protected]
c:\program files\msoffice2007.exe
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-29 02:36 . 2013-08-29 02:36 -------- d-----w- c:\windows\ERUNT
2013-08-29 02:18 . 2013-08-29 02:21 -------- d-----w- C:\AdwCleaner
2013-08-28 05:15 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-08-28 05:10 . 2013-08-28 05:10 -------- d-----w- C:\_OTL
2013-08-24 06:04 . 2013-08-24 06:04 -------- d-----w- C:\Inetpub
2013-08-21 13:05 . 2013-08-21 13:05 -------- d-----w- C:\FRST
2013-08-21 05:09 . 2013-08-21 05:09 -------- d-----w- c:\program files\RGB
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\DIGStream
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\ESPNMotion
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\GemMaster
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\EnglishOtto
2013-08-21 04:52 . 2013-08-21 04:52 -------- d-----w- c:\documents and settings\Administrator.ERIC-2894F89078
2013-08-21 04:51 . 2013-08-21 04:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2013-08-21 04:51 . 2013-08-21 04:51 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2013-08-21 04:40 . 2004-08-10 11:00 28672 ----a-w- c:\program files\Windows Media Player\wmpenc.exe
2013-08-21 04:40 . 2004-08-10 11:00 118784 ----a-w- c:\program files\Windows Media Player\wmlaunch.exe
2013-08-21 04:39 . 2004-08-10 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-08-21 04:39 . 2004-08-10 11:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2013-08-21 04:39 . 2004-08-10 11:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2013-08-21 04:39 . 2004-08-10 11:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2013-08-21 04:39 . 2004-08-10 11:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2013-08-21 04:35 . 2013-08-21 04:35 -------- d-----w- c:\program files\Windows Plus
2013-08-21 04:34 . 2004-08-10 10:47 92672 ----a-w- c:\program files\Movie Maker\WMM2DVR.DLL
2013-08-21 04:34 . 2004-08-10 10:47 410624 ----a-w- c:\program files\Movie Maker\MUI\0409\AddOnTfx\WMM2FXPZ.DLL
2013-08-21 04:34 . 2004-08-10 11:00 28672 ----a-w- c:\program files\Messenger\custsat.dll
2013-08-21 00:28 . 2013-08-21 00:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-20 21:21 . 2013-08-21 13:05 -------- d--h--w- c:\documents and settings\Default User.NEW
2013-08-20 21:21 . 2013-08-21 04:41 -------- d-----w- c:\documents and settings\All Users.NEW
2013-08-20 21:11 . 2013-08-24 06:11 -------- d-----w- c:\windows\NEW
2013-08-04 18:17 . 2013-08-04 18:17 512 ----a-w- c:\documents and settings\EricB\out.bin
2013-08-01 01:26 . 2013-08-04 19:15 -------- d-----w- c:\documents and settings\EricB\Local Settings\Application Data\Decisioneering
2013-08-01 01:25 . 2013-08-20 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\xdus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 16:21 . 2012-06-06 02:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-11 16:21 . 2011-06-17 22:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-07-18 02:42 . 2008-07-18 02:42 70492160 ----a-w- c:\program files\sym11_32.exe
2012-03-30 13:34 . 2013-08-16 23:55 80184 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2012-03-30 13:34 . 2013-08-16 23:55 586040 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-10-29 14:43 . 2013-08-16 23:55 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-10-29 14:43 . 2013-08-16 23:55 99216 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2013-06-07 1514816]
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2012-04-19 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe CSS5.1 Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSKEY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtectAll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMM Mode Selection
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 23:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-06-04 14:31 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 08:06 1667584 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/6/2013 5:57 PM 14776]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [3/29/2013 9:38 AM 574272]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/12/2013 3:31 PM 335168]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 12:06 PM 88576]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [7/30/2011 4:41 PM 140848]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [4/14/2012 4:44 PM 36224]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2013 11:17 PM 108120]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/12/2013 3:31 PM 31520]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [5/14/2012 7:00 PM 52312]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/12/2013 3:31 PM 17360]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [4/29/2008 3:51 PM 23888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [3/24/2012 11:03 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/20/2013 8:28 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 11:48 AM 235216]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [4/14/2012 4:44 PM 134912]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/12/2013 3:31 PM 247968]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 16:21]
.
2013-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-08-29 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-03-29 17:25]
.
2012-05-24 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2012-05-14 23:00]
.
2013-07-06 c:\windows\Tasks\DoxillionDowngrade.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-11-19 16:41]
.
2013-07-06 c:\windows\Tasks\DoxillionReminder.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-11-19 16:41]
.
2012-05-22 c:\windows\Tasks\videopadSevenDays.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-05-15 00:53]
.
2012-05-18 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-05-15 00:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\EricB\Application Data\Mozilla\Firefox\Profiles\b7zottkf.default-1375016357703\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7aeae561-714b-45f6-ace3-4a8aed6e227b} - (no file)
BHO-{7aeae561-714b-45f6-ace3-4a8aed6e227b} - (no file)
Toolbar-{7aeae561-714b-45f6-ace3-4a8aed6e227b} - (no file)
WebBrowser-{7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - (no file)
SafeBoot-Symantec Antvirus
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
AddRemove-Adobe Connect 9 Add-in - c:\documents and settings\EricB\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\adobeconnectaddin\adobeconnectaddin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-29 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,c7,c8,ab,50,7e,72,4a,ac,7b,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,c7,c8,ab,50,7e,72,4a,ac,7b,fc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1376)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2013-08-29 20:11:33
ComboFix-quarantined-files.txt 2013-08-30 00:11
.
Pre-Run: 11,373,355,008 bytes free
Post-Run: 11,079,516,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\NEW="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4BB212E18C6396C1880D6D4202BCC402
8F558EB6672622401DA993E1E865C861

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello ericthefish

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15
ericthefish

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi Gringo,

ComboFix report below. CF ran smoothly this time, no interruptions or issues, and it rebooted the computer. Internet connectivity was also not disrupted. Some applications and windows seem to be taking a little longer than usual to load or refresh, but the machine seems to be working OK. Symantec has so far not provided any pop-up warnings.

Time, I guess, to uninstall that other version of XP!

Eric


ComboFix 13-08-30.02 - EricB 08/30/2013 16:50:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1360 [GMT -4:00]
Running from: c:\documents and settings\EricB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\EricB\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Tskman.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Task_Manager_Lite
-------\Service_Task Manager Lite
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-30 00:29 . 2013-08-30 00:46 -------- d-----w- c:\windows\LastGood.Tmp
2013-08-29 02:36 . 2013-08-29 02:36 -------- d-----w- c:\windows\ERUNT
2013-08-29 02:18 . 2013-08-29 02:21 -------- d-----w- C:\AdwCleaner
2013-08-28 05:15 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-08-28 05:10 . 2013-08-28 05:10 -------- d-----w- C:\_OTL
2013-08-24 06:04 . 2013-08-24 06:04 -------- d-----w- C:\Inetpub
2013-08-21 13:05 . 2013-08-21 13:05 -------- d-----w- C:\FRST
2013-08-21 05:09 . 2013-08-21 05:09 -------- d-----w- c:\program files\RGB
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\DIGStream
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\ESPNMotion
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\GemMaster
2013-08-21 05:04 . 2013-08-21 05:04 -------- d-----w- c:\program files\EnglishOtto
2013-08-21 04:52 . 2013-08-21 04:52 -------- d-----w- c:\documents and settings\Administrator.ERIC-2894F89078
2013-08-21 04:51 . 2013-08-21 04:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2013-08-21 04:51 . 2013-08-21 04:51 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2013-08-21 04:40 . 2004-08-10 11:00 28672 ----a-w- c:\program files\Windows Media Player\wmpenc.exe
2013-08-21 04:40 . 2004-08-10 11:00 118784 ----a-w- c:\program files\Windows Media Player\wmlaunch.exe
2013-08-21 04:39 . 2004-08-10 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-08-21 04:39 . 2004-08-10 11:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2013-08-21 04:39 . 2004-08-10 11:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2013-08-21 04:39 . 2004-08-10 11:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2013-08-21 04:39 . 2004-08-10 11:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2013-08-21 04:35 . 2013-08-21 04:35 -------- d-----w- c:\program files\Windows Plus
2013-08-21 04:34 . 2004-08-10 10:47 92672 ----a-w- c:\program files\Movie Maker\WMM2DVR.DLL
2013-08-21 04:34 . 2004-08-10 10:47 410624 ----a-w- c:\program files\Movie Maker\MUI\0409\AddOnTfx\WMM2FXPZ.DLL
2013-08-21 04:34 . 2004-08-10 11:00 28672 ----a-w- c:\program files\Messenger\custsat.dll
2013-08-21 00:28 . 2013-08-21 00:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-20 21:21 . 2013-08-21 13:05 -------- d--h--w- c:\documents and settings\Default User.NEW
2013-08-20 21:21 . 2013-08-21 04:41 -------- d-----w- c:\documents and settings\All Users.NEW
2013-08-20 21:11 . 2013-08-24 06:11 -------- d-----w- c:\windows\NEW
2013-08-04 18:17 . 2013-08-04 18:17 512 ----a-w- c:\documents and settings\EricB\out.bin
2013-08-01 01:26 . 2013-08-04 19:15 -------- d-----w- c:\documents and settings\EricB\Local Settings\Application Data\Decisioneering
2013-08-01 01:25 . 2013-08-20 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\xdus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 16:21 . 2012-06-06 02:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-11 16:21 . 2011-06-17 22:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-07-18 02:42 . 2008-07-18 02:42 70492160 ----a-w- c:\program files\sym11_32.exe
2012-03-30 13:34 . 2013-08-16 23:55 80184 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2012-03-30 13:34 . 2013-08-16 23:55 586040 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-10-29 14:43 . 2013-08-16 23:55 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-10-29 14:43 . 2013-08-16 23:55 99216 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2013-06-07 1514816]
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2012-04-19 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 23:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-06-04 14:31 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 08:06 1667584 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/6/2013 5:57 PM 14776]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [3/29/2013 9:38 AM 574272]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/12/2013 3:31 PM 335168]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 12:06 PM 88576]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [7/30/2011 4:41 PM 140848]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [4/14/2012 4:44 PM 36224]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2013 11:17 PM 108120]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/12/2013 3:31 PM 31520]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [5/14/2012 7:00 PM 52312]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/12/2013 3:31 PM 17360]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [4/29/2008 3:51 PM 23888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [3/24/2012 11:03 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/20/2013 8:28 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 11:48 AM 235216]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [4/14/2012 4:44 PM 134912]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/12/2013 3:31 PM 247968]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 16:21]
.
2013-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-08-30 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-03-29 18:57]
.
2012-05-24 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2012-05-14 23:00]
.
2013-07-06 c:\windows\Tasks\DoxillionDowngrade.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-11-19 16:41]
.
2013-07-06 c:\windows\Tasks\DoxillionReminder.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-11-19 16:41]
.
2012-05-22 c:\windows\Tasks\videopadSevenDays.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-05-15 00:53]
.
2012-05-18 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-05-15 00:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080711
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\EricB\Application Data\Mozilla\Firefox\Profiles\b7zottkf.default-1375016357703\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-08-30 13:19; [email protected]; c:\documents and settings\EricB\Application Data\Mozilla\Firefox\Profiles\b7zottkf.default-1375016357703\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-30 17:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,c7,c8,ab,50,7e,72,4a,ac,7b,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,c7,c8,ab,50,7e,72,4a,ac,7b,fc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1364)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(8420)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\IObit\Advanced SystemCare 6\ProTip.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\SoftwareDistribution\Download\84b4d4a812b6609f4743b50cc13b603a\update\update.exe
.
**************************************************************************
.
Completion time: 2013-08-30 17:23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-30 21:23
ComboFix2.txt 2013-08-30 00:11
.
Pre-Run: 10,231,554,048 bytes free
Post-Run: 9,989,189,632 bytes free
.
- - End Of File - - 6CBA484C7DD7E81B33F706D20B5B7832
8F558EB6672622401DA993E1E865C861