Suspicious file running - C:\Program Files\btdna.exe



#1
adifrank

Description of problem
I recently made a clean installation of Windows XP.
Today, my firewall suddenly started warning me about an application called btdna.exe trying to access the internet.
I googled it and found only bad things related to btdna and strangely it has to do with some kind of torrent program. The thing is, I don't have any torrent program installed!
I located the file. It is sitting in a folder called DNA in C:\Program Files.
In the DNA folder there's that btdna.exe and also a file called DNAcpl.cpl and a folder called "plugins". Inside the plugins folder there's one more file named npbtdna.dll.
I also noticed that in Windows Task Manager - btdna was running. I checked the list of programs set to auto run on boot... and sure enough, it was there.

I'm pretty certain I've never installed this and I don't have Bit Torrent installed. And after reading dubious things about this app I decided I'd post here and make sure my computer is clean.

Things I've tried so far
1. I told Comodo Firewall to block btdna.exe
2. Then I quit the btdna.exe process in the Task Manager
3. Next I disabled btdna.exe from running on startup
4. The next step was to upload all three files in the DNA folder which I found in C:\Program Files to VirusTotal. Only the btdna.exe received one "suspicious" comment from one of a few dozen virus checks. So basically, you could say that the scans came up clean. I also ran a quick scan with MalwareBytes. That came up clean as well.
5. Using Revo Uninstaller, I located the DNA Bit Torrent Program and uninstalled it.
6. Following the instructions here on the forum I downloaded OTL by OldTimer and ran the quick scan. The results are pasted below.

OTL log
OTL logfile created on: 5/12/2011 2:53:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 79.36 Gb Free Space | 90.30% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 121.66 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive M: | 698.64 Gb Total Space | 112.59 Gb Free Space | 16.12% Space Free | Partition Type: NTFS

Computer Name: BUSTIN-DATIRES | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 02:52:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/09 23:17:34 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/05/04 01:42:12 | 024,172,208 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/14 18:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2009/10/26 07:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2002/12/31 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 02:52:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/26 07:33:34 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/03/24 10:57:54 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/08/05 14:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/08/28 23:02:42 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008/07/03 17:03:00 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2002/12/31 14:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 70 71 4B 11 10 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/11 23:53:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 23:43:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 00:48:56 | 000,000,000 | ---D | M]

[2011/05/11 23:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/12 00:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qspx4vgs.default\extensions
[2011/05/12 00:05:06 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qspx4vgs.default\extensions\[email protected]
[2011/05/12 00:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 00:42:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/11 23:53:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/12 00:42:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/11 21:43:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 21:59:43 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/11 21:32:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 02:52:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/12 02:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Launchy
[2011/05/12 02:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/12 02:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/05/12 02:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/05/12 02:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/05/12 01:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Partition Master 8.0.1 Home Edition
[2011/05/12 01:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/05/12 01:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/12 01:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/12 01:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2011/05/12 01:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/05/12 01:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/05/12 01:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/05/12 00:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AC3Filter
[2011/05/12 00:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2011/05/12 00:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/12 00:51:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/12 00:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/12 00:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/12 00:51:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/12 00:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/12 00:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/12 00:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/12 00:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
[2011/05/12 00:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/05/12 00:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Winamp Detector Plug-in
[2011/05/12 00:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/05/12 00:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/05/12 00:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/12 00:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2011/05/12 00:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/05/12 00:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/05/12 00:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/05/12 00:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/12 00:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/12 00:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/05/12 00:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Notepad++
[2011/05/12 00:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/05/12 00:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2011/05/12 00:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Launchy
[2011/05/12 00:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Launchy
[2011/05/12 00:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/05/12 00:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/05/12 00:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/12 00:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/12 00:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/05/12 00:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2011/05/12 00:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/05/12 00:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/12 00:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/12 00:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/12 00:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/12 00:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/05/12 00:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/12 00:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/12 00:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/05/12 00:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/12 00:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/05/12 00:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/11 23:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/05/11 23:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/05/11 23:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/05/11 23:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/11 23:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/11 23:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/05/11 23:53:24 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/11 23:53:24 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/11 23:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/11 23:53:22 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/11 23:53:22 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/11 23:53:21 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/11 23:53:21 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/11 23:53:21 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/11 23:53:20 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/11 23:53:12 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/11 23:53:12 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/11 23:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/11 23:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/11 23:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/05/11 23:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/05/11 23:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/11 23:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/05/11 23:26:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/05/11 23:26:22 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2011/05/11 23:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/05/11 23:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/11 23:20:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/05/11 23:20:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/05/11 23:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/11 23:20:09 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/05/11 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/05/11 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/05/11 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/05/11 23:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/11 23:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/11 23:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/05/11 23:19:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/05/11 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/05/11 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/05/11 23:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/11 23:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/05/11 23:17:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/11 23:17:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/05/11 23:17:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/11 23:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/05/11 23:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/05/11 23:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/05/11 23:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/05/11 23:12:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages
[2011/05/11 23:12:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/05/11 23:12:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/05/11 23:12:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/05/11 23:12:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/05/11 23:12:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/05/11 23:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Download Manager
[2011/05/11 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/05/11 22:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/11 22:30:35 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/11 22:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/11 22:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e
[2011/05/11 22:19:00 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/11 22:17:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/11 22:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/05/11 22:11:22 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/05/11 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/05/11 22:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/11 22:11:08 | 000,000,000 | ---D | C] -- C:\Intel
[2011/05/11 21:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/11 21:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/05/11 21:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/05/11 21:43:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/05/11 21:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/05/11 21:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/05/11 21:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/05/11 21:37:44 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python31.dll
[2011/05/11 21:37:44 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/05/11 21:37:44 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/05/11 21:37:44 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\WINDOWS\System32\AutoItX3.dll
[2011/05/11 21:37:44 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/05/11 21:37:44 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2011/05/11 21:37:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/05/11 21:37:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/11 21:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/05/11 21:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/11 21:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/05/11 21:37:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/05/11 21:37:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/05/11 21:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/05/11 21:37:10 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/05/11 21:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/11 21:37:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/05/11 21:37:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/05/11 21:37:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/05/11 21:37:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/05/11 21:35:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/05/11 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/05/11 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/05/11 21:33:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/05/11 21:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/05/11 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\hkSFV
[2011/05/11 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\hkSFV
[2011/05/11 21:31:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/05/11 21:31:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/05/11 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/05/11 21:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/05/11 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/05/11 21:30:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/05/11 21:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/05/11 21:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/05/11 21:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/05/11 21:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/11 21:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/05/11 21:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/05/11 21:30:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/05/11 21:30:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/05/11 21:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/05/11 21:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/05/11 21:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/05/11 21:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/05/11 21:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/05/11 21:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unlocker
[2011/05/11 21:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/11 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/05/11 21:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/05/11 21:29:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desktop
[2011/05/11 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/05/11 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Utilities
[2011/05/11 21:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/11 21:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/05/11 21:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop
[2011/05/11 21:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/05/11 21:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/05/11 21:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/05/11 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/05/11 21:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/05/11 21:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/05/11 21:27:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/05/11 21:27:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/11 21:26:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/11 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DNA
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2011/05/07 16:17:56 | 000,097,504 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/02 20:36:54 | 000,029,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/02 20:36:52 | 000,242,472 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/02 20:36:52 | 000,017,416 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/02 20:36:04 | 000,284,744 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 02:52:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/12 02:28:48 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/12 02:28:48 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/12 02:24:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 02:24:36 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/12 02:24:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/12 02:21:53 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/05/12 02:17:38 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Downloads.lnk
[2011/05/12 02:03:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 01:59:46 | 000,001,061 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Partition Master 8.0.1 Home Edition.lnk
[2011/05/12 01:48:06 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/12 01:47:36 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/05/12 01:47:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/05/12 01:44:33 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/05/12 01:44:22 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/05/12 00:51:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/12 00:51:23 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/12 00:49:57 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/12 00:49:48 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2011/05/12 00:48:56 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/12 00:48:56 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/05/12 00:45:02 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/12 00:45:02 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/12 00:44:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2011/05/12 00:43:52 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launchy.lnk
[2011/05/12 00:43:52 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Launchy.lnk
[2011/05/12 00:42:57 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla.lnk
[2011/05/12 00:42:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/12 00:42:25 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/05/12 00:22:13 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tweak UI.lnk
[2011/05/12 00:02:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2011/05/11 23:55:02 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/11 23:55:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/11 23:53:24 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/11 23:53:21 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/11 23:43:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/11 23:43:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/11 23:43:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/11 23:29:12 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/05/11 23:29:12 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/05/11 23:20:19 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/05/11 23:15:53 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/11 23:15:53 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/05/11 22:30:43 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:30:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/11 22:30:41 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:30:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/11 22:11:01 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2011/05/11 22:00:50 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 21:59:43 | 000,000,781 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/11 21:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/11 21:43:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/11 21:43:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 21:37:08 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/11 21:35:27 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/11 21:32:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/11 21:32:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/11 21:32:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/11 21:32:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/11 21:32:24 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/11 21:32:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/11 21:29:26 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/11 21:26:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 14:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/02 20:36:52 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 02:21:53 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/05/12 02:17:40 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Downloads.lnk
[2011/05/12 01:59:46 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/05/12 01:59:46 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/05/12 01:59:46 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/05/12 01:59:46 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/05/12 01:59:46 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/05/12 01:59:46 | 000,001,061 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Partition Master 8.0.1 Home Edition.lnk
[2011/05/12 01:48:06 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/12 01:47:36 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/05/12 01:47:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/05/12 01:44:33 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/05/12 01:44:22 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/05/12 00:57:23 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2011/05/12 00:51:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/12 00:51:23 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/12 00:50:02 | 000,001,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2011/05/12 00:49:57 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/12 00:48:56 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/12 00:48:56 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/05/12 00:48:17 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/05/12 00:45:02 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/12 00:45:02 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/12 00:44:39 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2011/05/12 00:43:52 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launchy.lnk
[2011/05/12 00:43:52 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Launchy.lnk
[2011/05/12 00:42:58 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla.lnk
[2011/05/12 00:42:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/12 00:42:25 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/05/12 00:22:13 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tweak UI.lnk
[2011/05/12 00:21:02 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/05/12 00:02:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2011/05/11 23:55:02 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/11 23:55:02 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/11 23:53:38 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 23:53:37 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/11 23:53:24 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/11 23:43:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/11 23:43:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/11 23:43:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/11 23:43:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/11 23:29:12 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/05/11 23:29:12 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/05/11 23:27:18 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss
[2011/05/11 23:20:19 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/05/11 23:20:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/11 23:20:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/11 23:19:57 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/05/11 23:18:10 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/05/11 23:18:10 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/11 23:18:10 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/11 23:18:10 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/11 23:18:10 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/11 23:18:10 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/11 23:18:10 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/11 23:18:10 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/11 23:18:10 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/11 23:18:10 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/11 23:18:10 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/11 23:18:10 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/11 23:18:10 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/11 23:18:10 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/11 23:18:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/11 23:18:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/11 23:18:10 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/05/11 23:18:09 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/11 23:18:09 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/11 23:17:28 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 23:15:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/11 23:15:53 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/05/11 23:15:47 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/05/11 23:15:44 | 000,000,718 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/11 22:30:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:30:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:30:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/11 22:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/11 22:30:35 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/11 22:30:35 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/11 22:11:01 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/05/11 21:59:43 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts1.bak
[2011/05/11 21:43:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/11 21:43:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 21:43:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/11 21:43:22 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/05/11 21:37:44 | 000,921,665 | ---- | C] () -- C:\WINDOWS\System32\msvcrt-ruby18.dll
[2011/05/11 21:37:44 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
[2011/05/11 21:37:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2011/05/11 21:37:43 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\pythonw.exe
[2011/05/11 21:37:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\python.exe
[2011/05/11 21:37:43 | 000,020,537 | ---- | C] () -- C:\WINDOWS\System32\rubyw.exe
[2011/05/11 21:37:43 | 000,020,536 | ---- | C] () -- C:\WINDOWS\System32\ruby.exe
[2011/05/11 21:37:20 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/05/11 21:37:20 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/05/11 21:37:08 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/11 21:35:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 21:32:33 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/11 21:32:33 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/11 21:32:33 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/05/11 21:32:25 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/11 21:32:25 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/11 21:32:24 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/11 21:31:23 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/11 21:30:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/05/11 21:30:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/05/11 21:29:49 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ASPI Check.lnk
[2011/05/11 21:29:31 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/11 21:29:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/11 21:29:05 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/05/11 21:28:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/05/11 21:28:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/05/11 21:28:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/05/11 21:28:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/05/11 21:28:13 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/05/11 21:28:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/05/11 21:28:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/05/11 21:28:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/05/11 21:28:12 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/05/11 21:28:12 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/05/11 21:28:12 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/05/11 21:28:10 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/05/11 21:28:10 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/05/11 21:28:09 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/05/11 21:28:05 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2002/12/31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/12/31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/12/31 14:00:00 | 000,441,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/12/31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/12/31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/12/31 14:00:00 | 000,071,264 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/12/31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/12/31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/12/31 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/12/31 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/12/31 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/12/31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/12 02:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2011/05/12 02:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/05/11 23:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/05/12 02:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Launchy
[2011/05/12 00:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2011/05/11 23:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/12 00:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



< End of report >

Edited by adifrank, 11 May 2011 - 07:46 PM.

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
It looks like someone or some program installed a BitTorrent - 2011/05/11 21:25:39. Not something that malware usually does. Usually it's BitTorrent that delivers the malware. Your uninstaller didn't do a very good job. It's not running but there are 4 references to it that I can see. Let's see if we can make it go away.

Copy the text in the code box by highlighting it and pressing Ctrl + C.



:OTL
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DNA
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DNA

:Files
C:\Program Files\DNA

     
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron
  • 0
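The check behind the fix script above, as an added example that is not part of the original thread and is not OTL's own code: it parses OTL file/folder lines and O4 Run lines, lists every entry that sits under a folder named DNA, derives the install time from the creation stamps, and confirms a later scan no longer references that folder. The function names and the `DNAViewer` line are assumptions made for illustration; the other sample lines are copied from the logs in this thread.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    section: str               # text of the last "===== name =====" banner seen
    kind: str                  # "file" (file/folder line) or "autorun" (O4 Run line)
    path: str
    when: Optional[datetime]   # only file/folder lines carry a timestamp
    flag: str                  # "C"/"M" for files, the Run value name for autoruns


SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# [date time | size | attributes | C or M] (optional vendor) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [A-Z-]{4} \| ([CM])\]"
    r"\s*(?:\([^)]*\)\s*)?-- (.+)$"
)
# O4 - HKCU..\Run: [value name] target (vendor)
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[([^\]]+)\] (.+?) \([^)]*\)$")


def parse_otl(text: str) -> List[Entry]:
    """Parse file/folder and O4 Run lines; every other line is skipped."""
    section, out = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            out.append(Entry(section, "file", m.group(3).strip(), when, m.group(2)))
            continue
        m = RUN_RE.match(line)
        if m:
            out.append(Entry(section, "autorun", m.group(2), None, m.group(1)))
    return out


def find_references(entries: List[Entry], folder: str) -> List[Entry]:
    """Entries whose path has `folder` as a whole component (not a substring)."""
    want = folder.lower()
    return [e for e in entries
            if want in (p.lower() for p in PureWindowsPath(e.path).parts)]


def unique_paths(entries: List[Entry]) -> List[str]:
    """Distinct paths, compared case-insensitively as Windows does."""
    return list({e.path.lower(): e.path for e in entries}.values())


def install_time(hits: List[Entry]) -> Optional[datetime]:
    """Earliest creation stamp among the matching file/folder entries."""
    created = [e.when for e in hits if e.kind == "file" and e.flag == "C"]
    return min(created) if created else None


# Lines copied from the first scan and the fix script in this thread.
PRE_FIX = r"""
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DNA
[2011/05/11 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DNA
========== LOP Check ==========
[2011/05/12 02:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2011/05/12 02:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
"""

# Constructed line (not from the thread): the name only contains "DNA".
LOOKALIKE = r"[2011/05/12 00:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\DNAViewer"

# Lines copied from the second scan in this thread, plus the constructed one.
POST_FIX = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
========== Files/Folders - Created Within 30 Days ==========
[2011/05/12 17:16:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/12 05:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
""" + LOOKALIKE

if __name__ == "__main__":
    hits = find_references(parse_otl(PRE_FIX), "DNA")
    for path in unique_paths(hits):
        print("reference:", path)
    print("installed:", install_time(hits))
    print("left after fix:", find_references(parse_otl(POST_FIX), "DNA"))
```

Matching on whole path components keeps a folder such as the constructed `DNAViewer` from being reported as a leftover.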

#3
adifrank

    Member

  • Topic Starter
  • Member
  • 226 posts
Hi Ron, thanks for replying.

I ran the fix and then the scan. I might mention that when running the fix I had Avast Antivirus and Comodo Firewall working. Comodo questioned a particular process related to OTL, and I clicked "Allow". I hope that didn't interfere with anything.
Then the computer rebooted, and when running the scan I made sure to disable both Avast and Comodo (Firewall, Defense Security Level and Sandbox).


Here are the logs:

OTL FIX

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
File C:\Program Files\DNA\btdna.exe not found.
Folder C:\Program Files\DNA\ not found.
Folder C:\Documents and Settings\Administrator\Local Settings\Application Data\DNA\ not found.
Folder C:\Documents and Settings\Administrator\Application Data\DNA\ not found.
========== FILES ==========
File\Folder C:\Program Files\DNA not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 226787976 bytes
->Temporary Internet Files folder emptied: 819334 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47768422 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 752 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 684020 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 25138 bytes

Total Files Cleaned = 264.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05122011_171618

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL SCAN
OTL logfile created on: 5/12/2011 5:25:22 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 79.85 Gb Free Space | 90.85% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 121.62 Gb Free Space | 26.11% Space Free | Partition Type: NTFS
Drive M: | 698.64 Gb Total Space | 130.61 Gb Free Space | 18.70% Space Free | Partition Type: NTFS

Computer Name: BUSTIN-DATIRES | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 02:52:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/09 23:17:34 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/05/04 01:42:12 | 024,172,208 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2009/10/26 07:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2002/12/31 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 02:52:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/26 07:33:34 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/03/24 10:57:54 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/08/05 14:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/08/28 23:02:42 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008/07/03 17:03:00 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2002/12/31 14:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 70 71 4B 11 10 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/ig?refresh=1"
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/11 23:53:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 23:43:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 00:48:56 | 000,000,000 | ---D | M]

[2011/05/11 23:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/12 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qspx4vgs.default\extensions
[2011/05/12 05:08:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qspx4vgs.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/05/12 09:15:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qspx4vgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/12 00:05:06 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qspx4vgs.default\extensions\[email protected]
[2011/05/12 00:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 00:42:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QSPX4VGS.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QSPX4VGS.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QSPX4VGS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QSPX4VGS.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QSPX4VGS.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QSPX4VGS.DEFAULT\EXTENSIONS\[email protected]
[2011/05/11 23:53:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/12 00:42:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/11 21:43:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 21:59:43 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/11 21:32:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 17:16:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/12 17:09:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/12 16:41:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/05/12 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GHISLER
[2011/05/12 15:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Total Commander
[2011/05/12 15:34:05 | 000,000,000 | ---D | C] -- C:\totalcmd
[2011/05/12 15:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GHISLER
[2011/05/12 09:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/12 07:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
[2011/05/12 07:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Portforward.com
[2011/05/12 05:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011/05/12 05:22:40 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2011/05/12 05:22:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2011/05/12 05:22:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2011/05/12 05:22:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2011/05/12 05:22:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2011/05/12 05:22:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2011/05/12 05:22:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2011/05/12 05:22:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2011/05/12 05:22:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2011/05/12 05:22:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2011/05/12 05:22:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2011/05/12 05:22:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2011/05/12 05:22:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2011/05/12 05:22:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2011/05/12 05:22:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2011/05/12 05:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdintel.dll
[2011/05/12 05:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinkan.dll
[2011/05/12 05:22:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinguj.dll
[2011/05/12 05:22:38 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgeo.dll
[2011/05/12 05:22:38 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdarmw.dll
[2011/05/12 05:22:38 | 000,005,120 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdarme.dll
[2011/05/12 05:22:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2011/05/12 05:22:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinpun.dll
[2011/05/12 05:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdvntc.dll
[2011/05/12 05:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdintam.dll
[2011/05/12 05:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmar.dll
[2011/05/12 05:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinhin.dll
[2011/05/12 05:22:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdindev.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdurdu.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsyr2.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsyr1.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfa.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddiv2.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbddiv1.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda3.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda2.dll
[2011/05/12 05:22:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbda1.dll
[2011/05/12 05:22:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2011/05/12 05:22:33 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdheb.dll
[2011/05/12 05:22:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth3.dll
[2011/05/12 05:22:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth2.dll
[2011/05/12 05:22:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth1.dll
[2011/05/12 05:22:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdth0.dll
[2011/05/12 05:22:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2011/05/12 04:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2011/05/12 04:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
[2011/05/12 02:52:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/12 02:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Launchy
[2011/05/12 02:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/12 02:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/05/12 02:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/05/12 02:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/05/12 01:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Partition Master 8.0.1 Home Edition
[2011/05/12 01:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/05/12 01:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/12 01:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/12 01:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2011/05/12 01:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/05/12 01:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/05/12 01:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/05/12 00:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AC3Filter
[2011/05/12 00:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2011/05/12 00:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/12 00:51:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/12 00:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/12 00:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/12 00:51:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/12 00:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/12 00:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/12 00:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/12 00:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/05/12 00:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Winamp Detector Plug-in
[2011/05/12 00:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/05/12 00:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/05/12 00:48:49 | 002,095,600 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/05/12 00:48:49 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/05/12 00:48:49 | 000,571,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/05/12 00:48:49 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/05/12 00:48:49 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/05/12 00:48:49 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/05/12 00:48:49 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/05/12 00:48:49 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/05/12 00:48:49 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/05/12 00:48:49 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/05/12 00:48:49 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/05/12 00:48:49 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/05/12 00:48:49 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011/05/12 00:48:49 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/05/12 00:48:49 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/05/12 00:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/12 00:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2011/05/12 00:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/05/12 00:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/05/12 00:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/05/12 00:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/12 00:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/12 00:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/05/12 00:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Notepad++
[2011/05/12 00:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/05/12 00:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2011/05/12 00:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Launchy
[2011/05/12 00:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Launchy
[2011/05/12 00:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/05/12 00:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/05/12 00:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/12 00:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/12 00:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/05/12 00:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2011/05/12 00:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/05/12 00:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/12 00:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/12 00:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/12 00:42:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/12 00:42:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/12 00:42:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/12 00:42:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/12 00:42:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/12 00:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/12 00:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/05/12 00:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/12 00:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/12 00:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/05/12 00:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/12 00:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/05/12 00:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/11 23:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/05/11 23:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/05/11 23:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/05/11 23:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/11 23:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/11 23:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/05/11 23:53:24 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/11 23:53:24 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/11 23:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/11 23:53:22 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/11 23:53:22 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/11 23:53:21 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/11 23:53:21 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/11 23:53:21 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/11 23:53:20 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/11 23:53:12 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/11 23:53:12 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/11 23:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/11 23:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/11 23:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/05/11 23:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/05/11 23:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/11 23:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/05/11 23:26:44 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/11 23:26:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/05/11 23:26:29 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2011/05/11 23:26:28 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/05/11 23:26:28 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/05/11 23:26:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/05/11 23:26:25 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2011/05/11 23:26:25 | 004,745,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2011/05/11 23:26:25 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2011/05/11 23:26:25 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2011/05/11 23:26:25 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2011/05/11 23:26:23 | 002,165,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2011/05/11 23:26:22 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2011/05/11 23:26:22 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2011/05/11 23:26:22 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2011/05/11 23:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/05/11 23:26:17 | 000,528,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011/05/11 23:26:17 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2011/05/11 23:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/11 23:22:04 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2011/05/11 23:21:25 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2011/05/11 23:20:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/05/11 23:20:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/05/11 23:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/11 23:20:09 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/05/11 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/05/11 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/05/11 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/05/11 23:20:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2011/05/11 23:20:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2011/05/11 23:20:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2011/05/11 23:20:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2011/05/11 23:20:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2011/05/11 23:20:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2011/05/11 23:20:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2011/05/11 23:20:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2011/05/11 23:20:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2011/05/11 23:20:03 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2011/05/11 23:20:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2011/05/11 23:20:03 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2011/05/11 23:20:03 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2011/05/11 23:20:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/05/11 23:20:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/05/11 23:20:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/05/11 23:20:02 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/05/11 23:20:02 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/05/11 23:20:02 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/05/11 23:20:02 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/05/11 23:20:02 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/05/11 23:20:01 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/05/11 23:20:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/05/11 23:20:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/05/11 23:20:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/05/11 23:20:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/05/11 23:19:59 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/05/11 23:19:59 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/05/11 23:19:59 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/05/11 23:19:59 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/05/11 23:19:59 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/05/11 23:19:59 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/05/11 23:19:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/05/11 23:19:59 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/05/11 23:19:59 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/05/11 23:19:59 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/05/11 23:19:59 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/05/11 23:19:58 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/05/11 23:19:58 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/05/11 23:19:58 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/05/11 23:19:58 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/05/11 23:19:58 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/05/11 23:19:58 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/05/11 23:19:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/05/11 23:19:58 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/05/11 23:19:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/05/11 23:19:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/05/11 23:19:58 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/05/11 23:19:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/05/11 23:19:58 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/05/11 23:19:58 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/05/11 23:19:58 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/05/11 23:19:58 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/05/11 23:19:57 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/05/11 23:19:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/05/11 23:19:57 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/05/11 23:19:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/05/11 23:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/11 23:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/11 23:19:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/05/11 23:19:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/05/11 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/05/11 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/05/11 23:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/11 23:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/05/11 23:17:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/11 23:17:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/05/11 23:17:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/11 23:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/05/11 23:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/05/11 23:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/05/11 23:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/05/11 23:12:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages
[2011/05/11 23:12:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/05/11 23:12:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/05/11 23:12:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/05/11 23:12:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/05/11 23:12:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/05/11 23:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/05/11 23:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Download Manager
[2011/05/11 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/05/11 22:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/11 22:30:35 | 014,856,192 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/05/11 22:30:35 | 005,210,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/05/11 22:30:35 | 002,770,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/05/11 22:30:35 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/05/11 22:30:35 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/05/11 22:30:35 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/05/11 22:30:35 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/11 22:30:34 | 013,000,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/05/11 22:30:34 | 004,111,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/05/11 22:30:34 | 002,027,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/05/11 22:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/11 22:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e
[2011/05/11 22:19:00 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/11 22:17:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/11 22:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/05/11 22:11:22 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/05/11 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/05/11 22:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/11 22:11:08 | 000,000,000 | ---D | C] -- C:\Intel
[2011/05/11 21:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/11 21:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/05/11 21:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/05/11 21:43:21 | 000,919,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/05/11 21:43:21 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/05/11 21:43:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/05/11 21:43:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/05/11 21:43:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/05/11 21:43:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/05/11 21:43:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/05/11 21:43:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/05/11 21:43:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/05/11 21:43:20 | 001,992,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/05/11 21:43:20 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/05/11 21:43:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/05/11 21:43:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/05/11 21:43:20 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/05/11 21:43:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/05/11 21:43:19 | 005,964,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/11 21:43:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/05/11 21:42:35 | 000,455,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/05/11 21:41:11 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/11 21:40:58 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/11 21:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/05/11 21:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/05/11 21:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/05/11 21:39:37 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/05/11 21:39:32 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/05/11 21:39:30 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/05/11 21:39:30 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/05/11 21:39:30 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/05/11 21:39:30 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/05/11 21:39:30 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/05/11 21:39:30 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/05/11 21:39:28 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/05/11 21:39:28 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/05/11 21:39:28 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/11 21:38:49 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/11 21:38:09 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/05/11 21:37:45 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl32.ocx
[2011/05/11 21:37:45 | 000,443,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshflxgd.ocx
[2011/05/11 21:37:45 | 000,334,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wbclsdsr.ocx
[2011/05/11 21:37:45 | 000,278,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdatgrd.ocx
[2011/05/11 21:37:45 | 000,258,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msflxgrd.ocx
[2011/05/11 21:37:45 | 000,252,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdatlst.ocx
[2011/05/11 21:37:45 | 000,221,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2011/05/11 21:37:45 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2011/05/11 21:37:45 | 000,206,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdatrep.ocx
[2011/05/11 21:37:45 | 000,190,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrdc20.ocx
[2011/05/11 21:37:45 | 000,178,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msmask32.ocx
[2011/05/11 21:37:45 | 000,151,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msmapi32.ocx
[2011/05/11 21:37:45 | 000,136,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2011/05/11 21:37:45 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2011/05/11 21:37:45 | 000,119,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomm32.ocx
[2011/05/11 21:37:45 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\picclp32.ocx
[2011/05/11 21:37:45 | 000,080,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysinfo.ocx
[2011/05/11 21:37:44 | 002,887,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmmd.dll
[2011/05/11 21:37:44 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python31.dll
[2011/05/11 21:37:44 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2011/05/11 21:37:44 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2011/05/11 21:37:44 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2011/05/11 21:37:44 | 001,029,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mschrt20.ocx
[2011/05/11 21:37:44 | 001,024,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2011/05/11 21:37:44 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/05/11 21:37:44 | 001,017,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70u.dll
[2011/05/11 21:37:44 | 000,935,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vb40016.dll
[2011/05/11 21:37:44 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vb40032.dll
[2011/05/11 21:37:44 | 000,659,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2011/05/11 21:37:44 | 000,614,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2011/05/11 21:37:44 | 000,567,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbgrid32.ocx
[2011/05/11 21:37:44 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2011/05/11 21:37:44 | 000,462,848 | ---- | C] (Ruud van Velsen (Microsoft)) -- C:\WINDOWS\System32\KiXtart.dll
[2011/05/11 21:37:44 | 000,449,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrdo20.dll
[2011/05/11 21:37:44 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/05/11 21:37:44 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- C:\WINDOWS\System32\comct332.ocx
[2011/05/11 21:37:44 | 000,398,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbrun300.dll
[2011/05/11 21:37:44 | 000,356,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbrun200.dll
[2011/05/11 21:37:44 | 000,340,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdbrpt.dll
[2011/05/11 21:37:44 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2011/05/11 21:37:44 | 000,328,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdbrptr.dll
[2011/05/11 21:37:44 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\WINDOWS\System32\AutoItX3.dll
[2011/05/11 21:37:44 | 000,310,592 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\mswcrun.dll
[2011/05/11 21:37:44 | 000,245,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmpgd.dll
[2011/05/11 21:37:44 | 000,222,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dblist32.ocx
[2011/05/11 21:37:44 | 000,215,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mci32.ocx
[2011/05/11 21:37:44 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/05/11 21:37:44 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2011/05/11 21:37:44 | 000,170,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2011/05/11 21:37:44 | 000,155,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2011/05/11 21:37:44 | 000,134,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msadodc.ocx
[2011/05/11 21:37:44 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll
[2011/05/11 21:37:44 | 000,117,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmpgr.dll
[2011/05/11 21:37:44 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011/05/11 21:37:44 | 000,107,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstkprp.dll
[2011/05/11 21:37:44 | 000,099,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msaddndr.dll
[2011/05/11 21:37:44 | 000,084,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msbind.dll
[2011/05/11 21:37:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simpleaudio.dll
[2011/05/11 21:37:44 | 000,069,440 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\mscsfdbg.dll
[2011/05/11 21:37:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71DEU.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71ITA.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71FRA.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71ESP.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70ITA.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70FRA.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70ESP.dll
[2011/05/11 21:37:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70DEU.dll
[2011/05/11 21:37:44 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71ENU.dll
[2011/05/11 21:37:44 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70ENU.dll
[2011/05/11 21:37:44 | 000,057,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbadapt.dll
[2011/05/11 21:37:44 | 000,057,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscdrun.dll
[2011/05/11 21:37:44 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvci70.dll
[2011/05/11 21:37:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71KOR.dll
[2011/05/11 21:37:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71JPN.dll
[2011/05/11 21:37:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70KOR.dll
[2011/05/11 21:37:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70JPN.dll
[2011/05/11 21:37:44 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71CHT.dll
[2011/05/11 21:37:44 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70CHT.dll
[2011/05/11 21:37:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71CHS.dll
[2011/05/11 21:37:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70CHS.dll
[2011/05/11 21:37:43 | 000,294,912 | ---- | C] (Ruud van Velsen (Microsoft)) -- C:\WINDOWS\System32\WKiX32.exe
[2011/05/11 21:37:43 | 000,290,816 | ---- | C] (Ruud van Velsen (Microsoft)) -- C:\WINDOWS\System32\KiX32.exe
[2011/05/11 21:37:43 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011/05/11 21:37:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll
[2011/05/11 21:37:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/05/11 21:37:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/11 21:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/05/11 21:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/05/11 21:37:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/05/11 21:37:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/05/11 21:37:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/05/11 21:37:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/05/11 21:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/05/11 21:37:10 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/05/11 21:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/11 21:37:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/05/11 21:37:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/05/11 21:37:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/05/11 21:37:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/05/11 21:36:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/05/11 21:35:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/05/11 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/05/11 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/05/11 21:34:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/05/11 21:34:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/05/11 21:34:07 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/05/11 21:33:52 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/05/11 21:33:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/05/11 21:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/05/11 21:32:54 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/05/11 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\hkSFV
[2011/05/11 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\hkSFV
[2011/05/11 21:32:16 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/05/11 21:32:16 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/05/11 21:32:15 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/05/11 21:32:15 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/05/11 21:32:15 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/05/11 21:31:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/05/11 21:31:25 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/05/11 21:31:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/05/11 21:31:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/05/11 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/05/11 21:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/05/11 21:30:55 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/05/11 21:30:51 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/05/11 21:30:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/05/11 21:30:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/05/11 21:30:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/05/11 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/05/11 21:30:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/05/11 21:30:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/05/11 21:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/05/11 21:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/05/11 21:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/05/11 21:30:28 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/05/11 21:30:27 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/05/11 21:30:27 | 000,194,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/05/11 21:30:27 | 000,172,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/05/11 21:30:27 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/05/11 21:30:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/05/11 21:30:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/05/11 21:30:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/05/11 21:30:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/05/11 21:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/11 21:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/05/11 21:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/05/11 21:30:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/05/11 21:30:08 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/05/11 21:30:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/05/11 21:30:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/05/11 21:30:08 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/05/11 21:30:05 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/05/11 21:30:04 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/05/11 21:30:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/05/11 21:30:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/05/11 21:30:02 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/05/11 21:30:02 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/05/11 21:30:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/05/11 21:30:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/05/11 21:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/05/11 21:29:59 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/05/11 21:29:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/05/11 21:29:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/05/11 21:29:57 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/05/11 21:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/05/11 21:29:57 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/05/11 21:29:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/05/11 21:29:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/05/11 21:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/05/11 21:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/05/11 21:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/05/11 21:29:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/05/11 21:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unlocker
[2011/05/11 21:29:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/11 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/05/11 21:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/05/11 21:29:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/05/11 21:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desktop
[2011/05/11 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/05/11 21:28:58 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/05/11 21:28:58 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/05/11 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Utilities
[2011/05/11 21:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/11 21:28:57 | 000,142,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MicrosoftUpdateCatalogWebControl.dll
[2011/05/11 21:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/05/11 21:28:49 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/05/11 21:28:49 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/05/11 21:28:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/05/11 21:28:49 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/05/11 21:28:48 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/05/11 21:28:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/05/11 21:28:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/05/11 21:28:48 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/05/11 21:28:48 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/05/11 21:28:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/05/11 21:28:47 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/05/11 21:28:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/05/11 21:28:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/05/11 21:28:47 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/05/11 21:28:47 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/05/11 21:28:47 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/05/11 21:28:47 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/05/11 21:28:47 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/05/11 21:28:47 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/05/11 21:28:46 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/05/11 21:28:46 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/05/11 21:28:46 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/05/11 21:28:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/05/11 21:28:46 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/05/11 21:28:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/05/11 21:28:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/05/11 21:28:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/05/11 21:28:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/05/11 21:28:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/05/11 21:28:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/05/11 21:28:45 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/05/11 21:28:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/05/11 21:28:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/05/11 21:28:45 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/05/11 21:28:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/05/11 21:28:45 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/05/11 21:28:45 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/05/11 21:28:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/05/11 21:28:44 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/05/11 21:28:43 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/05/11 21:28:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/05/11 21:28:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/05/11 21:28:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/05/11 21:28:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/05/11 21:28:41 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/05/11 21:28:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/05/11 21:28:40 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/05/11 21:28:39 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/05/11 21:28:39 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/05/11 21:28:38 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/05/11 21:28:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/05/11 21:28:38 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/05/11 21:28:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/05/11 21:28:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/05/11 21:28:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/05/11 21:28:36 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/05/11 21:28:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/05/11 21:28:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/05/11 21:28:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/05/11 21:28:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/05/11 21:28:35 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/05/11 21:28:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/05/11 21:28:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/05/11 21:28:35 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/05/11 21:28:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/05/11 21:28:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/05/11 21:28:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/05/11 21:28:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/05/11 21:28:33 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/05/11 21:28:33 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/05/11 21:28:32 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/05/11 21:28:32 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/05/11 21:28:32 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/05/11 21:28:31 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/05/11 21:28:31 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/05/11 21:28:31 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/05/11 21:28:31 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/05/11 21:28:30 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/05/11 21:28:30 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/05/11 21:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop
[2011/05/11 21:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/05/11 21:28:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/05/11 21:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/05/11 21:28:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/05/11 21:28:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/05/11 21:28:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/05/11 21:28:18 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/05/11 21:28:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/05/11 21:28:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/05/11 21:28:12 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/05/11 21:28:11 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/05/11 21:28:11 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/05/11 21:28:11 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/05/11 21:28:11 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/05/11 21:28:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/05/11 21:28:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/05/11 21:28:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/05/11 21:28:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/05/11 21:28:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/05/11 21:28:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/05/11 21:28:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/05/11 21:28:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/05/11 21:28:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/05/11 21:28:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/05/11 21:28:09 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/05/11 21:28:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/05/11 21:28:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/05/11 21:28:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/05/11 21:28:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/05/11 21:28:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/05/11 21:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/05/11 21:27:56 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/05/11 21:27:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/05/11 21:27:56 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/05/11 21:27:56 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/05/11 21:27:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/05/11 21:27:55 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/05/11 21:27:55 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/05/11 21:27:55 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/05/11 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/05/11 21:27:54 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/05/11 21:27:54 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/05/11 21:27:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/05/11 21:27:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/05/11 21:27:53 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/05/11 21:27:52 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/05/11 21:27:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/05/11 21:27:51 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/05/11 21:27:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/05/11 21:27:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/05/11 21:27:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/05/11 21:27:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/05/11 21:27:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2011/05/11 21:27:48 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/05/11 21:27:48 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/05/11 21:27:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/05/11 21:27:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2011/05/11 21:27:48 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/05/11 21:27:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/05/11 21:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/05/11 21:27:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/05/11 21:27:46 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/05/11 21:27:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/05/11 21:27:46 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2011/05/11 21:27:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/05/11 21:27:46 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/05/11 21:27:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/05/11 21:27:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/05/11 21:27:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/05/11 21:27:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/05/11 21:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/05/11 21:27:45 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2011/05/11 21:27:45 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2011/05/11 21:27:45 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/05/11 21:27:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2011/05/11 21:27:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/05/11 21:27:33 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/05/11 21:27:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/05/11 21:27:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/05/11 21:27:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/05/11 21:27:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/05/11 21:27:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/11 21:26:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/11 21:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/07 16:17:56 | 000,097,504 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/02 20:36:54 | 000,029,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/02 20:36:52 | 000,242,472 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/02 20:36:52 | 000,017,416 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/02 20:36:04 | 000,284,744 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll

========== Files - Modified Within 30 Days ==========

[2011/05/12 17:22:40 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/12 17:22:40 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/12 17:18:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 17:18:21 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/12 17:18:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/12 17:03:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 15:34:07 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Total Commander.lnk
[2011/05/12 05:37:00 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 04:57:55 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 04:17:58 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2011/05/12 04:16:58 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/12 02:52:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/12 02:21:53 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/05/12 02:17:38 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Downloads.lnk
[2011/05/12 01:59:46 | 000,001,061 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Partition Master 8.0.1 Home Edition.lnk
[2011/05/12 01:48:06 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/12 01:47:36 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/05/12 01:47:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/05/12 01:44:33 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/05/12 01:44:22 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/05/12 00:51:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/12 00:51:23 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/12 00:48:56 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/12 00:48:56 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/05/12 00:45:02 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/12 00:45:02 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/12 00:44:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2011/05/12 00:43:52 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launchy.lnk
[2011/05/12 00:43:52 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Launchy.lnk
[2011/05/12 00:42:57 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla.lnk
[2011/05/12 00:42:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/12 00:42:25 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/05/12 00:42:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/12 00:42:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/12 00:42:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/12 00:42:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/12 00:42:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/12 00:22:13 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tweak UI.lnk
[2011/05/12 00:02:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2011/05/11 23:55:02 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/11 23:55:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/11 23:53:24 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/11 23:53:21 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/11 23:43:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/11 23:43:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/11 23:43:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/11 23:29:12 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/05/11 23:29:12 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/05/11 23:26:17 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2011/05/11 23:20:19 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/05/11 23:15:53 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/11 23:15:53 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/05/11 22:30:43 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:30:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/11 22:30:41 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:30:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/11 22:11:01 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2011/05/11 21:59:43 | 000,000,781 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/11 21:43:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/11 21:43:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 21:37:08 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/11 21:35:27 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/11 21:32:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/11 21:32:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/11 21:32:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/11 21:32:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/11 21:32:24 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/11 21:32:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/11 21:29:26 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/11 21:26:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 14:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/02 20:36:52 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll

========== Files Created - No Company Name ==========

[2011/05/12 15:34:07 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Total Commander.lnk
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2011/05/12 15:34:05 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2011/05/12 05:59:16 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2011/05/12 05:59:16 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011/05/12 05:59:16 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2011/05/12 04:51:09 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 04:17:58 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2011/05/12 04:16:58 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/12 02:21:53 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/05/12 02:17:40 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Downloads.lnk
[2011/05/12 01:59:46 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/05/12 01:59:46 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/05/12 01:59:46 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/05/12 01:59:46 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/05/12 01:59:46 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/05/12 01:59:46 | 000,001,061 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Partition Master 8.0.1 Home Edition.lnk
[2011/05/12 01:48:06 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/12 01:47:36 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/05/12 01:47:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/05/12 01:44:33 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/05/12 01:44:22 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/05/12 00:57:23 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2011/05/12 00:51:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/12 00:51:23 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/12 00:48:56 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/12 00:48:56 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/05/12 00:48:17 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/05/12 00:45:02 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/12 00:45:02 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/12 00:44:39 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2011/05/12 00:43:52 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launchy.lnk
[2011/05/12 00:43:52 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Launchy.lnk
[2011/05/12 00:42:58 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla.lnk
[2011/05/12 00:42:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/12 00:42:25 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/05/12 00:22:13 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tweak UI.lnk
[2011/05/12 00:21:02 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/05/12 00:02:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2011/05/11 23:55:02 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/11 23:55:02 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/11 23:53:38 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 23:53:37 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/11 23:53:24 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/11 23:43:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/11 23:43:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/11 23:43:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/11 23:43:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/11 23:29:12 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/05/11 23:29:12 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/05/11 23:27:18 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss
[2011/05/11 23:20:19 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/05/11 23:20:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/11 23:19:57 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/05/11 23:18:10 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/05/11 23:18:10 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/11 23:18:10 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/11 23:18:10 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/11 23:18:10 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/11 23:18:10 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/11 23:18:10 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/11 23:18:10 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/11 23:18:10 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/11 23:18:10 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/11 23:18:10 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/11 23:18:10 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/11 23:18:10 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/11 23:18:10 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/11 23:18:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/11 23:18:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/11 23:18:10 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/05/11 23:18:09 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/11 23:18:09 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/11 23:17:28 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 23:15:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/11 23:15:53 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/05/11 23:15:47 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/05/11 23:15:44 | 000,000,718 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/11 22:30:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:30:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:30:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/11 22:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/11 22:30:35 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/11 22:30:35 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/11 22:11:01 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/05/11 21:59:43 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts1.bak
[2011/05/11 21:43:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/11 21:43:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 21:43:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/11 21:43:22 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/05/11 21:37:44 | 000,921,665 | ---- | C] () -- C:\WINDOWS\System32\msvcrt-ruby18.dll
[2011/05/11 21:37:44 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
[2011/05/11 21:37:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2011/05/11 21:37:43 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\pythonw.exe
[2011/05/11 21:37:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\python.exe
[2011/05/11 21:37:43 | 000,020,537 | ---- | C] () -- C:\WINDOWS\System32\rubyw.exe
[2011/05/11 21:37:43 | 000,020,536 | ---- | C] () -- C:\WINDOWS\System32\ruby.exe
[2011/05/11 21:37:20 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/05/11 21:37:20 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/05/11 21:37:08 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/11 21:35:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 21:32:33 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/11 21:32:33 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/11 21:32:33 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/05/11 21:32:33 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/05/11 21:32:25 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/11 21:32:25 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/11 21:32:24 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/11 21:31:23 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/11 21:30:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/05/11 21:30:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/05/11 21:29:49 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ASPI Check.lnk
[2011/05/11 21:29:31 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/11 21:29:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/11 21:29:05 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/05/11 21:28:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/05/11 21:28:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/05/11 21:28:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/05/11 21:28:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/05/11 21:28:13 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/05/11 21:28:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/05/11 21:28:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/05/11 21:28:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/05/11 21:28:12 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/05/11 21:28:12 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/05/11 21:28:12 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/05/11 21:28:10 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/05/11 21:28:10 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/05/11 21:28:09 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/05/11 21:28:05 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2002/12/31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/12/31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/12/31 14:00:00 | 000,441,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/12/31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/12/31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/12/31 14:00:00 | 000,071,264 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/12/31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/12/31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/12/31 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/12/31 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/12/31 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/12/31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

#4
RKinner

    Malware Expert

OTL says by the time it got there the DNS stuff was already gone so it didn't really do anything.

If you want to run some more scans we can look for malware but I doubt we will find anything.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Ron

#5
adifrank

    Member

Hi RKinner,
When I ran ComboFix, it found something wrong with my system files. It then proceeded to download and install the Windows Recovery Console. It successfully fixed whatever there was to be fixed. After rebooting, the WGA notified me that apparently my copy of Windows XP is not genuine... :)

So it seems my copy of Windows is corrupt or fake or something.... I'll have to sort this out..... maybe I'll just buy Windows 7.

Thanks for your help with this. I really appreciate it.

#6
RKinner

    Malware Expert

I'd try this:
http://news.softpedi...ror-46656.shtml
if you think your copy of Windows is genuine. If that doesn't help then run mgadiag as referenced in this quote from
http://social.micros...d-620f568fd783/

Occasionally we have had some customers that purchased valid copies of Windows or received them when purchasing an OEM system but failed validation. In most cases this has been determined to be the result of the actual Product Key used to install the current version of Windows XP to be blocked. This most often has occurred by the computer being repaired and a Blocked Product Key being used on the computer at that time.

To confirm there are no other blocking issues with your validation such as clock out of synch or IE settings blocking the validation process please run the WGA Diagnostics located here:

http://www.microsoft.com/genuine/diag/



If everything here is confirmed as functioning properly and you still have issues validating could you please run the wgadiag tool again and post the information for us.



http://go.microsoft....k/?linkid=52012



Without actually posting your Product Key in this post compare the last 15 characters of your COA to the last 15 characters in the Diag output. If they are not the same you will have to change the product key. The easiest way to do this without having to re-install applications or lose data is to refer to the Repair Method in this KB Article.



http://support.micro...kb/315341/en-us



Warning: as with any such major procedure it is highly recommended you backup all critical/personal data on your computer that you would not want to lose and ensure you have the software to re-install your applications should something happen.



We can also attempt to change the key using the Product Key Update tool below. The Genuine Advantage Product Key Update Tool is only valid for users attempting to change their current non-genuine Product Key to a genuine COA sticker or genuine Product Key – all without a reinstall! http://www.microsoft...?displayLang=en



Note: This is provided no core system files are corrupted. If they are you will need to complete a clean install of your system.


If that doesn't help then give MS a call. I think this may be a side effect of the infection or perhaps MS has changed their activation software to make it too sensitive. I'm seeing this more often these days.