I really love this comp and would like to save it if I can.
This comp started getting really slow and then Avast kept giving me a warning about a virus, something /physicaldrve or something. I can't quite remember, as it was about a month or so ago.
I tried to delete this and it said it would delete it when I ran the next boot scan, which I promptly did. After the boot scan it still kept popping the same thing up. I then tried to restore my computer to an earlier config but was shocked to find out that my system restore was not working for any of my back-up dates.
So I moved all my important files to my removable HD and scanned that for any issues and it came back clean. So I then did a complete destructive restore of the computer back to square one.
Once I had reset the computer I started getting the Windows XP Security Suite virus popping up. I finally got rid of it by disabling restore points and using Avast anti rootkit and Malwarebytes.
I ran another scan of my comp and Malwarebytes, Avast, and SpyBot S&D all came back clean. I was doing all of this in safe mode, so once clean I put my comp into normal mode. In normal mode my comp is very slow and will not let me download any Windows updates or install/remove any software. It will start to install or remove something and just freeze.
I went back into safe mode and after much Google-ing I suspect that I may have had a Sinowal/Mebroot infection. I have run aswMBR and had some warnings like this in the log:
Disk 0 malicious Win32:MBRoot code @ sector 625140403 !
Disk 0 PE file @ sector 625140425 !
So I fixed MBR and rebooted.
This helped out a lot, but I'm still not able to use normal mode! Again, nothing will download, update or be removed without the comp freezing.
Please, if anyone can help me I would greatly appreciate it! I have been fighting this for at least a month and I really need my computer back!
Here is the log for OTL:
Settings\Administrator.ROMIONE\Local Settings -> [2011/04/27 20:10:15 | 000,000,000 | -H-D | C] SampleView -> C:\Documents and Settings\Administrator.ROMIONE\Application Data\SampleView -> [2011/04/27 20:10:15 | 000,000,000 | ---D | C] Microsoft -> C:\Documents and Settings\Administrator.ROMIONE\Local Settings\Application Data\Microsoft -> [2011/04/27 20:10:15 | 000,000,000 | ---D | C] McAfee -> C:\Documents and Settings\Administrator.ROMIONE\Application Data\McAfee -> [2011/04/27 20:10:15 | 000,000,000 | ---D | C] Identities -> C:\Documents and Settings\Administrator.ROMIONE\Application Data\Identities -> [2011/04/27 20:10:15 | 000,000,000 | ---D | C] Desktop -> C:\Documents and Settings\Administrator.ROMIONE\Desktop -> [2011/04/27 20:10:15 | 000,000,000 | ---D | C] aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2011/04/27 00:17:50 | 000,307,288 | ---- | C] (AVAST Software) aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2011/04/27 00:17:50 | 000,019,544 | ---- | C] (AVAST Software) avast! Internet Security -> C:\Documents and Settings\All Users\Start Menu\Programs\avast! 
Internet Security -> [2011/04/27 00:17:50 | 000,000,000 | ---D | C] aswFW.sys -> C:\WINDOWS\System32\drivers\aswFW.sys -> [2011/04/27 00:17:48 | 000,102,232 | ---- | C] (AVAST Software) aswSnx.sys -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2011/04/27 00:17:35 | 000,441,176 | ---- | C] (AVAST Software) aswNdis2.sys -> C:\WINDOWS\System32\drivers\aswNdis2.sys -> [2011/04/27 00:17:35 | 000,192,984 | ---- | C] (AVAST Software) aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2011/04/27 00:17:35 | 000,049,240 | ---- | C] (AVAST Software) aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2011/04/27 00:17:35 | 000,025,432 | ---- | C] (AVAST Software) aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2011/04/27 00:17:34 | 000,102,488 | ---- | C] (AVAST Software) aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2011/04/27 00:17:34 | 000,096,344 | ---- | C] (AVAST Software) aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2011/04/27 00:17:34 | 000,030,680 | ---- | C] (AVAST Software) igfxres.dll -> C:\WINDOWS\System32\igfxres.dll -> [2011/04/27 00:17:24 | 000,159,744 | ---- | C] (Intel Corporation) avastSS.scr -> C:\WINDOWS\avastSS.scr -> [2011/04/27 00:17:07 | 000,040,112 | ---- | C] (AVAST Software) aswNdis.sys -> C:\WINDOWS\System32\drivers\aswNdis.sys -> [2011/04/27 00:17:07 | 000,012,112 | ---- | C] (ALWIL Software) aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2011/04/27 00:17:06 | 000,199,304 | ---- | C] (AVAST Software) AVAST Software -> C:\Program Files\AVAST Software -> [2011/04/27 00:16:50 | 000,000,000 | ---D | C] AVAST Software -> C:\Documents and Settings\All Users\Application Data\AVAST Software -> [2011/04/27 00:16:50 | 000,000,000 | ---D | C] Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2011/04/27 00:14:38 | 000,000,000 | ---D | C] Lang -> C:\WINDOWS\System32\Lang -> [2011/04/27 00:07:56 | 000,000,000 | ---D | C] SoftwareDistribution -> C:\WINDOWS\System32\SoftwareDistribution -> [2011/04/27 
00:01:17 | 000,000,000 | ---D | C] CyberLink PowerDVD -> C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD -> [2011/04/26 22:17:06 | 000,000,000 | ---D | C] CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2011/04/26 22:17:05 | 000,000,000 | ---D | C] CyberLink -> C:\Program Files\CyberLink -> [2011/04/26 22:17:02 | 000,000,000 | ---D | C] RegisteredPackages -> C:\WINDOWS\RegisteredPackages -> [2011/04/26 22:16:05 | 000,000,000 | ---D | C] POWERCFG.EXE -> C:\WINDOWS\POWERCFG.EXE -> [2011/04/26 22:14:38 | 000,067,072 | ---- | C] (Microsoft Corporation) McAfee -> C:\Program Files\Common Files\McAfee -> [2011/04/26 22:14:31 | 000,000,000 | ---D | C] McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee -> [2011/04/26 22:14:31 | 000,000,000 | ---D | C] McAfee -> C:\Program Files\McAfee -> [2011/04/26 22:14:30 | 000,000,000 | ---D | C] McAfee -> C:\Documents and Settings\All Users\Start Menu\Programs\McAfee -> [2011/04/26 22:14:28 | 000,000,000 | ---D | C] McAfee.com -> C:\Documents and Settings\All Users\Application Data\McAfee.com -> [2011/04/26 22:14:24 | 000,000,000 | ---D | C] mcinsctl.dll -> C:\WINDOWS\System32\mcinsctl.dll -> [2011/04/26 22:14:16 | 000,341,064 | ---- | C] (McAfee, Inc) mcgdmgr.dll -> C:\WINDOWS\System32\mcgdmgr.dll -> [2011/04/26 22:14:16 | 000,279,624 | ---- | C] (McAfee, Inc) McAfee.com -> C:\Program Files\McAfee.com -> [2011/04/26 22:14:16 | 000,000,000 | ---D | C] MSN Encarta Plus -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN Encarta Plus -> [2011/04/26 22:12:49 | 000,000,000 | ---D | C] MSN Encarta Plus -> C:\Program Files\MSN Encarta Plus -> [2011/04/26 22:12:47 | 000,000,000 | ---D | C] Microsoft Money 2005 -> C:\Program Files\Microsoft Money 2005 -> [2011/04/26 22:11:10 | 000,000,000 | ---D | C] Marker32.exe -> C:\WINDOWS\System32\Marker32.exe -> [2011/04/26 22:04:15 | 000,020,480 | ---- | C] (Gateway) Google -> C:\Program Files\Google -> [2011/04/26 
22:02:14 | 000,000,000 | ---D | C] BigFixClientOverride.dll -> C:\WINDOWS\BigFixClientOverride.dll -> [2011/04/26 22:01:59 | 000,017,956 | ---- | C] (BigFix, Inc.) BigFix -> C:\Program Files\BigFix -> [2011/04/26 22:01:59 | 000,000,000 | ---D | C] BigFix -> C:\Documents and Settings\All Users\Start Menu\Programs\BigFix -> [2011/04/26 22:01:59 | 000,000,000 | ---D | C] UNNeroBurnRights.exe -> C:\WINDOWS\UNNeroBurnRights.exe -> [2011/04/26 22:01:49 | 001,658,880 | ---- | C] (Ahead Software AG) NeroBurnRights.cpl -> C:\WINDOWS\System32\NeroBurnRights.cpl -> [2011/04/26 22:01:49 | 000,057,344 | ---- | C] (Ahead Software AG) NeroCo.dll -> C:\WINDOWS\System32\NeroCo.dll -> [2011/04/26 22:01:49 | 000,053,248 | ---- | C] (Ahead Software AG im Stoeckmaedle 18 76307 Karlsbad, Germany Fax: ++49-7248-911-888 e-mail: [email protected]) Burn a CD or Data DVD -> C:\Documents and Settings\All Users\Start Menu\Programs\Burn a CD or Data DVD -> [2011/04/26 22:01:46 | 000,000,000 | ---D | C] TwnLib20.dll -> C:\WINDOWS\System32\TwnLib20.dll -> [2011/04/26 22:01:10 | 000,106,496 | ---- | C] (Pegasus Software) picn20.dll -> C:\WINDOWS\System32\picn20.dll -> [2011/04/26 22:01:10 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) 
imagr5.dll -> C:\WINDOWS\System32\imagr5.dll -> [2011/04/26 22:01:09 | 000,569,344 | ---- | C] (Pegasus Software,LLC) imagx5.dll -> C:\WINDOWS\System32\imagx5.dll -> [2011/04/26 22:01:09 | 000,544,768 | ---- | C] (Pegasus Software, LLC) ImagXpr5.dll -> C:\WINDOWS\System32\ImagXpr5.dll -> [2011/04/26 22:01:09 | 000,283,920 | ---- | C] (Pegasus Software, LLC) NeroCheck.exe -> C:\WINDOWS\System32\NeroCheck.exe -> [2011/04/26 22:01:09 | 000,155,648 | ---- | C] (Ahead Software Gmbh) Ahead -> C:\Program Files\Common Files\Ahead -> [2011/04/26 22:01:09 | 000,000,000 | ---D | C] Ahead -> C:\Program Files\Ahead -> [2011/04/26 22:01:05 | 000,000,000 | ---D | C] Pure Networks -> C:\Documents and Settings\All Users\Application Data\Pure Networks -> [2011/04/26 22:01:02 | 000,000,000 | ---D | C] MSComCt2.ocx -> C:\WINDOWS\System32\MSComCt2.ocx -> [2011/04/26 22:00:57 | 000,644,400 | ---- | C] (Microsoft Corporation) vbar332.dll -> C:\WINDOWS\System32\vbar332.dll -> [2011/04/26 22:00:57 | 000,368,912 | ---- | C] (Microsoft Corporation) RichTx32.ocx -> C:\WINDOWS\System32\RichTx32.ocx -> [2011/04/26 22:00:57 | 000,203,976 | ---- | C] (Microsoft Corporation) COMDLG32.OCX -> C:\WINDOWS\System32\COMDLG32.OCX -> [2011/04/26 22:00:57 | 000,140,288 | ---- | C] (Microsoft Corporation) Msstdfmt.dll -> C:\WINDOWS\System32\Msstdfmt.dll -> [2011/04/26 22:00:57 | 000,118,784 | ---- | C] (Microsoft Corporation) MSInet.ocx -> C:\WINDOWS\System32\MSInet.ocx -> [2011/04/26 22:00:57 | 000,115,016 | ---- | C] (Microsoft Corporation) SimpleRegistry.dll -> C:\WINDOWS\System32\SimpleRegistry.dll -> [2011/04/26 22:00:57 | 000,102,400 | ---- | C] (4Developers LLC) aamd532.dll -> C:\WINDOWS\System32\aamd532.dll -> [2011/04/26 22:00:57 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) occache -> C:\WINDOWS\occache -> [2011/04/26 22:00:55 | 000,000,000 | ---D | C] Learn2.com -> C:\Program Files\Learn2.com -> [2011/04/26 22:00:55 | 000,000,000 | ---D | C] shdocvw.bak -> C:\WINDOWS\System32\shdocvw.bak -> 
[2011/04/26 22:00:53 | 001,483,264 | ---- | C] (Microsoft Corporation) unvise32qt.exe -> C:\WINDOWS\unvise32qt.exe -> [2011/04/26 22:00:47 | 000,086,016 | ---- | C] (MindVision) QuickTime -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime -> [2011/04/26 22:00:45 | 000,000,000 | ---D | C] QuickTime -> C:\WINDOWS\System32\QuickTime -> [2011/04/26 22:00:43 | 000,000,000 | ---D | C] QuickTime -> C:\Program Files\QuickTime -> [2011/04/26 22:00:43 | 000,000,000 | ---D | C] QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [2011/04/26 22:00:43 | 000,000,000 | ---D | C] Nullsoft -> C:\Program Files\Common Files\Nullsoft -> [2011/04/26 22:00:40 | 000,000,000 | ---D | C] My Music -> C:\My Music -> [2011/04/26 22:00:36 | 000,000,000 | ---D | C] Real -> C:\Program Files\Common Files\Real -> [2011/04/26 22:00:34 | 000,000,000 | ---D | C] AOL Downloads -> C:\Documents and Settings\All Users\Documents\AOL Downloads -> [2011/04/26 22:00:21 | 000,000,000 | ---D | C] roboex32.dll -> C:\WINDOWS\System32\roboex32.dll -> [2011/04/26 22:00:19 | 001,044,480 | ---- | C] (eHelp Corporation.) Inetwh32.dll -> C:\WINDOWS\System32\Inetwh32.dll -> [2011/04/26 22:00:19 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) popup.ocx -> C:\WINDOWS\System32\popup.ocx -> [2011/04/26 22:00:19 | 000,029,184 | ---- | C] (Blue Sky Software) AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [2011/04/26 22:00:05 | 000,000,000 | ---D | C] AOL -> C:\Program Files\Common Files\AOL -> [2011/04/26 21:59:58 | 000,000,000 | ---D | C] Microsoft Picture It! 10 -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! 10 -> [2011/04/26 21:59:51 | 000,000,000 | ---D | C] Microsoft Picture It! 10 -> C:\Program Files\Microsoft Picture It! 
10 -> [2011/04/26 21:59:41 | 000,000,000 | ---D | C] Intel -> C:\Program Files\Intel -> [2011/04/26 21:59:29 | 000,000,000 | ---D | C] ReinstallBackups -> C:\WINDOWS\System32\ReinstallBackups -> [2011/04/26 21:58:40 | 000,000,000 | ---D | C] ksproxy.ax -> C:\WINDOWS\System32\ksproxy.ax -> [2011/04/26 21:58:05 | 000,130,048 | ---- | C] (Microsoft Corporation) ksproxy.ax -> C:\WINDOWS\System32\dllcache\ksproxy.ax -> [2011/04/26 21:58:05 | 000,130,048 | ---- | C] (Microsoft Corporation) drmk.sys -> C:\WINDOWS\System32\drivers\drmk.sys -> [2011/04/26 21:58:05 | 000,060,288 | ---- | C] (Microsoft Corporation) drmk.sys -> C:\WINDOWS\System32\dllcache\drmk.sys -> [2011/04/26 21:58:05 | 000,060,288 | ---- | C] (Microsoft Corporation) ksuser.dll -> C:\WINDOWS\System32\ksuser.dll -> [2011/04/26 21:58:05 | 000,004,096 | ---- | C] (Microsoft Corporation) ksuser.dll -> C:\WINDOWS\System32\dllcache\ksuser.dll -> [2011/04/26 21:58:05 | 000,004,096 | ---- | C] (Microsoft Corporation) ALCWZRD.EXE -> C:\WINDOWS\ALCWZRD.EXE -> [2011/04/26 21:57:59 | 002,559,488 | ---- | C] (RealTek Semicoductor Corp.) RTLCPL.EXE -> C:\WINDOWS\RTLCPL.EXE -> [2011/04/26 21:57:58 | 009,733,632 | ---- | C] (Realtek Semiconductor Corp.) RtkHDAud.sys -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2011/04/26 21:57:58 | 002,276,672 | ---- | C] (Realtek Semiconductor Corp.) ALSNDMGR.CPL -> C:\WINDOWS\System32\ALSNDMGR.CPL -> [2011/04/26 21:57:58 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) SOUNDMAN.EXE -> C:\WINDOWS\SOUNDMAN.EXE -> [2011/04/26 21:57:58 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) ALCMTR.EXE -> C:\WINDOWS\ALCMTR.EXE -> [2011/04/26 21:57:58 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) 
Realtek -> C:\Program Files\Realtek -> [2011/04/26 21:57:57 | 000,000,000 | ---D | C] InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2011/04/26 21:57:50 | 000,000,000 | -H-D | C] Digital Media Reader -> C:\Program Files\Digital Media Reader -> [2011/04/26 21:57:05 | 000,000,000 | ---D | C] InstallShield -> C:\Program Files\Common Files\InstallShield -> [2011/04/26 21:57:02 | 000,000,000 | ---D | C] Downloaded Installations -> C:\WINDOWS\Downloaded Installations -> [2011/04/26 21:57:02 | 000,000,000 | ---D | C] jpicpl32.cpl -> C:\WINDOWS\System32\jpicpl32.cpl -> [2011/04/26 21:56:53 | 000,053,352 | ---- | C] (Sun Microsystems) Java -> C:\Program Files\Java -> [2011/04/26 21:56:49 | 000,000,000 | ---D | C] Java -> C:\Program Files\Common Files\Java -> [2011/04/26 21:56:49 | 000,000,000 | ---D | C] Gateway Documentation -> C:\Documents and Settings\All Users\Start Menu\Programs\Gateway Documentation -> [2011/04/26 21:56:45 | 000,000,000 | --SD | C] Microsoft Works -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works -> [2011/04/26 21:56:45 | 000,000,000 | ---D | C] msvcp70.dll -> C:\WINDOWS\System32\msvcp70.dll -> [2011/04/26 21:56:41 | 000,487,424 | R--- | C] (Microsoft Corporation) msvcr70.dll -> C:\WINDOWS\System32\msvcr70.dll -> [2011/04/26 21:56:41 | 000,344,064 | R--- | C] (Microsoft Corporation) PCDLIB32.DLL -> C:\WINDOWS\System32\PCDLIB32.DLL -> [2011/04/26 21:56:41 | 000,212,480 | R--- | C] (Eastman Kodak) msxml4r.dll -> C:\WINDOWS\System32\msxml4r.dll -> [2011/04/26 21:56:41 | 000,082,432 | ---- | C] (Microsoft Corporation) PUBOLE32.DLL -> C:\WINDOWS\System32\PUBOLE32.DLL -> [2011/04/26 21:56:41 | 000,076,288 | R--- | C] (Microsoft Corporation) ochlp30e.dll -> C:\WINDOWS\System32\ochlp30e.dll -> [2011/04/26 21:56:41 | 000,037,888 | R--- | C] (Microsoft Corporation) Ltwvc11n.dll -> C:\WINDOWS\System32\Ltwvc11n.dll -> [2011/04/26 21:56:40 | 000,716,288 | R--- | C] (LEAD Technologies, 
Inc.) LTKRN11N.DLL -> C:\WINDOWS\System32\LTKRN11N.DLL -> [2011/04/26 21:56:40 | 000,392,192 | ---- | C] (LEAD Technologies, Inc.) LFCMP11n.DLL -> C:\WINDOWS\System32\LFCMP11n.DLL -> [2011/04/26 21:56:40 | 000,285,184 | ---- | C] (LEAD Technologies, Inc.) LTDIS11n.dll -> C:\WINDOWS\System32\LTDIS11n.dll -> [2011/04/26 21:56:40 | 000,262,656 | ---- | C] (LEAD Technologies, Inc.) Lfpng11n.dll -> C:\WINDOWS\System32\Lfpng11n.dll -> [2011/04/26 21:56:40 | 000,172,032 | R--- | C] (LEAD Technologies, Inc.) LFTIF11N.DLL -> C:\WINDOWS\System32\LFTIF11N.DLL -> [2011/04/26 21:56:40 | 000,152,064 | ---- | C] (LEAD Technologies, Inc.) mfcans32.dll -> C:\WINDOWS\System32\mfcans32.dll -> [2011/04/26 21:56:40 | 000,133,904 | R--- | C] (Microsoft Corporation) LTIMG11N.DLL -> C:\WINDOWS\System32\LTIMG11N.DLL -> [2011/04/26 21:56:40 | 000,127,488 | ---- | C] (LEAD Technologies, Inc.) ltfil11n.DLL -> C:\WINDOWS\System32\ltfil11n.DLL -> [2011/04/26 21:56:40 | 000,118,784 | R--- | C] (LEAD Technologies, Inc.) msls2.dll -> C:\WINDOWS\System32\msls2.dll -> [2011/04/26 21:56:40 | 000,091,136 | R--- | C] (Microsoft Corporation) LFFAX11N.DLL -> C:\WINDOWS\System32\LFFAX11N.DLL -> [2011/04/26 21:56:40 | 000,081,408 | ---- | C] (LEAD Technologies, Inc.) LFWMF11N.DLL -> C:\WINDOWS\System32\LFWMF11N.DLL -> [2011/04/26 21:56:40 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) LFPSD11N.DLL -> C:\WINDOWS\System32\LFPSD11N.DLL -> [2011/04/26 21:56:40 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) msvci70.dll -> C:\WINDOWS\System32\msvci70.dll -> [2011/04/26 21:56:40 | 000,054,784 | R--- | C] (Microsoft Corporation) lfgif11n.dll -> C:\WINDOWS\System32\lfgif11n.dll -> [2011/04/26 21:56:40 | 000,041,472 | R--- | C] (LEAD Technologies, Inc.) LFBMP11N.DLL -> C:\WINDOWS\System32\LFBMP11N.DLL -> [2011/04/26 21:56:40 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) LFPCX11N.DLL -> C:\WINDOWS\System32\LFPCX11N.DLL -> [2011/04/26 21:56:40 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) 
hlp95en.dll -> C:\WINDOWS\System32\hlp95en.dll -> [2011/04/26 21:56:40 | 000,031,744 | R--- | C] (Microsoft Corporation) LFEPS11N.DLL -> C:\WINDOWS\System32\LFEPS11N.DLL -> [2011/04/26 21:56:40 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) LFTGA11N.DLL -> C:\WINDOWS\System32\LFTGA11N.DLL -> [2011/04/26 21:56:40 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) LFPCD11N.DLL -> C:\WINDOWS\System32\LFPCD11N.DLL -> [2011/04/26 21:56:40 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) mfcuia32.dll -> C:\WINDOWS\System32\mfcuia32.dll -> [2011/04/26 21:56:40 | 000,005,632 | R--- | C] (Microsoft Corporation) Microsoft Works -> C:\Program Files\Microsoft Works -> [2011/04/26 21:56:26 | 000,000,000 | ---D | C] Microsoft Office -> C:\Program Files\Microsoft Office -> [2011/04/26 21:56:26 | 000,000,000 | ---D | C] Prism Deploy -> C:\Documents and Settings\All Users\Application Data\Prism Deploy -> [2011/04/26 21:54:20 | 000,000,000 | ---D | C] New Boundary -> C:\Program Files\Common Files\New Boundary -> [2011/04/26 21:54:19 | 000,000,000 | ---D | C] Norton Internet Security -> C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security -> [2011/04/26 21:50:51 | 000,000,000 | ---D | C] Norton Internet Security -> C:\Program Files\Norton Internet Security -> [2011/04/26 21:50:29 | 000,000,000 | ---D | C] SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2011/04/26 21:49:22 | 000,104,144 | ---- | C] (Symantec Corporation) S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2011/04/26 21:49:22 | 000,083,168 | ---- | C] (Symantec Corporation) capicom.dll -> C:\WINDOWS\System32\capicom.dll -> [2011/04/26 21:49:21 | 000,466,944 | ---- | C] (Microsoft Corporation) Symantec -> C:\Program Files\Symantec -> [2011/04/26 21:49:21 | 000,000,000 | ---D | C] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [2011/04/26 21:49:19 | 000,000,000 | ---D | C] Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> 
[2011/04/26 21:49:17 | 000,000,000 | ---D | C] assembly -> C:\WINDOWS\assembly -> [2011/04/26 21:48:42 | 000,000,000 | R-SD | C] URTTemp -> C:\WINDOWS\System32\URTTemp -> [2011/04/26 21:48:42 | 000,000,000 | ---D | C] Microsoft.NET -> C:\WINDOWS\Microsoft.NET -> [2011/04/26 21:48:42 | 000,000,000 | ---D | C] System Recovery -> C:\Documents and Settings\All Users\Start Menu\Programs\System Recovery -> [2011/04/26 21:48:38 | 000,000,000 | ---D | C] 1394bus.sys -> C:\WINDOWS\System32\drivers\1394bus.sys -> [2011/04/26 21:46:55 | 000,053,248 | ---- | C] (Microsoft Corporation) enum1394.sys -> C:\WINDOWS\System32\drivers\enum1394.sys -> [2011/04/26 21:46:55 | 000,006,400 | ---- | C] (Microsoft Corporation) hccoin.dll -> C:\WINDOWS\System32\hccoin.dll -> [2011/04/26 21:46:21 | 000,007,168 | ---- | C] (Microsoft Corporation) System Volume Information -> C:\System Volume Information -> [2011/04/26 21:45:10 | 000,000,000 | -HSD | C] creator -> C:\WINDOWS\creator -> [2011/04/26 21:43:24 | 000,000,000 | ---D | C] HSF_DP.sys -> C:\WINDOWS\System32\drivers\HSF_DP.sys -> [2011/04/26 21:43:20 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) HSF_CNXT.sys -> C:\WINDOWS\System32\drivers\HSF_CNXT.sys -> [2011/04/26 21:43:20 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) HSFHWBS2.sys -> C:\WINDOWS\System32\drivers\HSFHWBS2.sys -> [2011/04/26 21:43:20 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) Prounstl.exe -> C:\WINDOWS\System32\Prounstl.exe -> [2011/04/26 21:43:20 | 000,118,784 | ---- | C] (Intel Corporation) mdmxsdk.dll -> C:\WINDOWS\System32\mdmxsdk.dll -> [2011/04/26 21:43:20 | 000,086,016 | ---- | C] (Conexant) HSFCI011.dll -> C:\WINDOWS\System32\HSFCI011.dll -> [2011/04/26 21:43:20 | 000,039,018 | ---- | C] (Conexant Systems, Inc.) 
IntelNic.dll -> C:\WINDOWS\System32\IntelNic.dll -> [2011/04/26 21:43:20 | 000,024,064 | ---- | C] (Intel Corporation) SMINST -> C:\WINDOWS\SMINST -> [2011/04/26 21:43:20 | 000,000,000 | ---D | C] Program Files -> C:\Program Files -> [2011/04/26 21:43:02 | 000,000,000 | R--D | C] Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> [2011/04/26 21:42:56 | 000,000,000 | R--D | C] Games -> C:\Documents and Settings\All Users\Start Menu\Programs\Games -> [2011/04/26 21:42:56 | 000,000,000 | R--D | C] Administrative Tools -> C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools -> [2011/04/26 21:42:56 | 000,000,000 | R--D | C] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2011/04/26 21:42:55 | 000,000,000 | RH-D | C] Start Menu -> C:\Documents and Settings\All Users\Start Menu -> [2011/04/26 21:42:55 | 000,000,000 | R--D | C] My Pictures -> C:\Documents and Settings\All Users\Documents\My Pictures -> [2011/04/26 21:42:55 | 000,000,000 | R--D | C] My Music -> C:\Documents and Settings\All Users\Documents\My Music -> [2011/04/26 21:42:55 | 000,000,000 | R--D | C] Documents -> C:\Documents and Settings\All Users\Documents -> [2011/04/26 21:42:55 | 000,000,000 | R--D | C] Accessories -> C:\Documents and Settings\All Users\Start Menu\Programs\Accessories -> [2011/04/26 21:42:55 | 000,000,000 | R--D | C] Offline Web Pages -> C:\WINDOWS\Offline Web Pages -> [2011/04/26 21:42:45 | 000,000,000 | R--D | C] dllcache -> C:\WINDOWS\System32\dllcache -> [2011/04/26 21:41:09 | 000,000,000 | RHSD | C] drvc.dll -> C:\WINDOWS\System32\drvc.dll -> [2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) [Files/Folders - Modified Within 30 Days] bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/05/03 15:15:42 | 000,002,048 | --S- | M] () McAfee.com Update Check (ROMIONE-MsBigBad).job -> C:\WINDOWS\tasks\McAfee.com Update Check (ROMIONE-MsBigBad).job -> [2011/05/03 14:37:15 | 000,000,482 | ---- | M] () hosts -> 
C:\WINDOWS\System32\drivers\etc\hosts -> [2011/04/30 22:42:51 | 000,000,027 | ---- | M] () boot.ini -> C:\boot.ini -> [2011/04/30 22:39:40 | 000,000,327 | RHS- | M] () housecall.guid.cache -> C:\Documents and Settings\Administrator.ROMIONE\Local Settings\Application Data\housecall.guid.cache -> [2011/04/30 20:52:33 | 000,000,036 | ---- | M] () BurnInTest.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Desktop\BurnInTest.lnk -> [2011/04/30 20:23:22 | 000,000,609 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/04/30 20:15:19 | 000,004,566 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/04/30 20:15:17 | 000,380,350 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/04/30 20:15:17 | 000,052,764 | ---- | M] () msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2011/04/30 19:57:24 | 000,000,002 | ---- | M] () Vuze.lnk -> C:\Documents and Settings\All Users\Desktop\Vuze.lnk -> [2011/04/27 21:25:41 | 000,001,505 | ---- | M] () PokerStars.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk -> [2011/04/27 21:22:48 | 000,000,754 | ---- | M] () PokerStars.lnk -> C:\Documents and Settings\All Users\Desktop\PokerStars.lnk -> [2011/04/27 21:22:48 | 000,000,736 | ---- | M] () FileZilla Client.lnk -> C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk -> [2011/04/27 21:21:42 | 000,001,663 | ---- | M] () Media Player Classic.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Desktop\Media Player Classic.lnk -> [2011/04/27 21:20:07 | 000,000,755 | ---- | M] () Magic DVD Ripper.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Desktop\Magic DVD Ripper.lnk -> [2011/04/27 21:19:29 | 000,000,690 | ---- | M] () CamStudio.lnk -> C:\Documents and Settings\All Users\Desktop\CamStudio.lnk -> [2011/04/27 21:18:49 | 000,000,689 | ---- | M] () ExtractNow.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Desktop\ExtractNow.lnk -> 
[2011/04/27 21:18:29 | 000,000,706 | ---- | M] () CCleaner.lnk -> C:\Documents and Settings\All Users\Desktop\CCleaner.lnk -> [2011/04/27 21:16:36 | 000,000,682 | ---- | M] () Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2011/04/27 21:09:54 | 000,000,951 | ---- | M] () Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator.ROMIONE\Desktop\Spybot - Search & Destroy.lnk -> [2011/04/27 21:09:54 | 000,000,933 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/04/27 20:41:34 | 000,000,784 | ---- | M] () avast! Internet Security.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk -> [2011/04/27 00:17:50 | 000,001,689 | ---- | M] () CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2011/04/27 00:17:34 | 000,002,625 | ---- | M] () Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2011/04/27 00:14:41 | 000,000,724 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/04/27 00:02:50 | 000,001,170 | ---- | M] () $winnt$.inf -> C:\WINDOWS\System32\$winnt$.inf -> [2011/04/27 00:02:41 | 000,000,038 | ---- | M] () Boot.bak -> C:\Boot.bak -> [2011/04/27 00:02:37 | 000,000,211 | ---- | M] () REGLOCS.OLD -> C:\WINDOWS\REGLOCS.OLD -> [2011/04/26 22:25:43 | 000,008,192 | ---- | M] () GATEWA_507GR__CAG5361020670.MRK -> C:\WINDOWS\System32\GATEWA_507GR__CAG5361020670.MRK -> [2011/04/26 22:23:52 | 000,000,000 | ---- | M] () $ncsp$.inf -> C:\WINDOWS\System32\$ncsp$.inf -> [2011/04/26 22:23:46 | 000,000,333 | ---- | M] () emver.ini -> C:\WINDOWS\System32\emver.ini -> [2011/04/26 22:20:44 | 000,000,463 | ---- | M] () oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2011/04/26 22:20:44 | 000,000,456 | ---- | M] () PowerDVD.lnk -> C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk -> 
[2011/04/26 22:17:06 | 000,001,684 | ---- | M] () nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2011/04/26 22:16:36 | 000,023,392 | ---- | M] () amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2011/04/26 22:16:36 | 000,016,832 | ---- | M] () WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2011/04/26 22:16:18 | 000,316,640 | ---- | M] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/04/26 22:03:17 | 000,205,712 | ---- | M] () BigFix.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk -> [2011/04/26 22:01:59 | 000,001,538 | ---- | M] () IPH.PH -> C:\IPH.PH -> [2011/04/26 22:01:03 | 000,000,847 | -H-- | M] () nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2011/04/26 21:59:57 | 000,000,335 | ---- | M] () jpicpl32.cpl -> C:\WINDOWS\System32\jpicpl32.cpl -> [2011/04/26 21:56:50 | 000,053,352 | ---- | M] (Sun Microsystems) javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/04/26 21:56:50 | 000,028,768 | ---- | M] () java.exe -> C:\WINDOWS\System32\java.exe -> [2011/04/26 21:56:50 | 000,024,670 | ---- | M] () VGASwitcher.lnk -> C:\WINDOWS\System32\VGASwitcher.lnk -> [2011/04/26 21:49:16 | 000,000,867 | ---- | M] () SYSDRV.DAT -> C:\WINDOWS\System32\SYSDRV.DAT -> [2011/04/26 21:43:29 | 000,000,060 | ---- | M] () avastSS.scr -> C:\WINDOWS\avastSS.scr -> [2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) aswFW.sys -> C:\WINDOWS\System32\drivers\aswFW.sys -> [2011/04/18 13:18:45 | 000,102,232 | ---- | M] (AVAST Software) aswSnx.sys -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) aswNdis2.sys -> C:\WINDOWS\System32\drivers\aswNdis2.sys -> [2011/04/18 13:17:20 | 000,192,984 | ---- | M] (AVAST Software) aswTdi.sys -> 