Trojan that I can't find or eliminate



#1
Darth

I have gotten a Trojan that intercepts my downloads from banking accounts and changes the names and data (for example, qif files). Avast did not catch this virus and scans (including the bootlog scan) do not find it. I am afraid it is a backdoor trojan and that my passwords, etc. are at risk.

PayPal delivers a file named "webscr" which has no usable data; my bank and credit card deliver various names such as "transactions ending xxx.qif" but contain no usable data, and no matter what date they claim to be, they are all the same file, exactly 49mb in size.

I can download the proper files with my laptop with no trouble.

I finally reformatted my system disk and reinstalled Windows XP and some of my programs. This did not help. I then used the repair from the original Windows disk and performed a "fixmbr" and "fixboot", which did originally report a non-standard MBR.
But this didn't work either. I then downloaded and ran "tdsskiller", which didn't find any threats. I then downloaded and ran "aswMBR" with no results. It did report the MBR now as standard Windows XP.

I have now downloaded "Partition Magic's Mini Tool Wizard" and checked for unallocated spaces. I found one in the C drive and expanded the active partition to take in the unallocated space. Also found a large unallocated space in my 2TB drive, and did the same thing. Then I reran all the above tools looking to see if I had exposed the trojan. No luck!


OTL logfile created on: 10/14/2012 12:52:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Darth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.62% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 90.40 Gb Free Space | 78.96% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 129.83 Gb Free Space | 87.11% Space Free | Partition Type: NTFS
Drive G: | 372.61 Gb Total Space | 281.30 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1679.44 Gb Free Space | 90.15% Space Free | Partition Type: NTFS

Computer Name: TED-80861C4A6CC | User Name: Darth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/14 12:47:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darth\Desktop\OTL.exe
PRC - [2012/10/03 15:43:01 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/10/03 15:33:14 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/07 17:40:22 | 000,751,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
PRC - [2012/08/03 23:42:58 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/08/03 23:42:52 | 000,070,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
PRC - [2012/08/03 23:42:52 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2012/05/14 13:28:22 | 006,149,120 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/13 13:34:26 | 000,243,200 | ---- | M] (Stoic Joker's Network) -- C:\Downloads\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:14 | 001,600,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/10/16 10:44:06 | 001,060,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
PRC - [2009/07/06 20:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/01/22 19:24:25 | 008,981,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB958481-x86.exe
PRC - [2008/12/13 09:55:32 | 000,328,024 | ---- | M] (Microsoft Corporation) -- h:\82f8731be0d5fa1dec3158\HotFixInstaller.exe
PRC - [2008/10/09 09:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 05:42:42 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/18 11:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2004/01/08 11:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2001/09/24 17:15:58 | 003,891,268 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/14 03:07:08 | 001,816,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101400\algo.dll
MOD - [2012/10/09 10:55:50 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/03 15:43:02 | 002,111,456 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012/10/03 15:43:01 | 000,157,664 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/10/03 15:43:01 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/09/22 19:24:34 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Thunderbird\Profiles\gy3iriuv.default\extensions\[email protected]\lib\tray_x86-msvc.dll
MOD - [2012/09/22 19:24:34 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]\lib\tray_x86-msvc.dll
MOD - [2012/08/07 19:29:00 | 000,542,792 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2012/08/07 19:29:00 | 000,382,024 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
MOD - [2012/08/07 19:29:00 | 000,193,608 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2012/08/03 23:41:34 | 000,065,096 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2012/08/03 23:41:34 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
MOD - [2012/08/03 23:41:32 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2012/08/03 23:41:30 | 000,105,032 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll
MOD - [2012/08/03 23:41:26 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2012/08/03 23:41:24 | 000,050,760 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2012/08/03 23:41:24 | 000,035,912 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
MOD - [2012/08/03 23:41:22 | 000,022,088 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
MOD - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2012/05/14 13:29:58 | 003,538,944 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll
MOD - [2012/05/14 13:25:36 | 000,083,968 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmumsp.dll
MOD - [2012/05/14 13:24:12 | 000,173,056 | ---- | M] () -- C:\Program Files\Free Download Manager\Firefox\extension\components\vmsfdmff.dll
MOD - [2012/03/12 23:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2008/10/09 09:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/14 05:42:42 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
MOD - [2008/04/14 05:42:10 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
MOD - [2001/03/02 23:26:06 | 000,102,400 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001/03/02 23:25:06 | 000,041,984 | ---- | M] () -- C:\Program Files\WinRAR\Formats\arj.fmt
MOD - [2001/03/02 23:25:06 | 000,040,448 | ---- | M] () -- C:\Program Files\WinRAR\Formats\gz.fmt
MOD - [2001/03/02 23:25:06 | 000,034,816 | ---- | M] () -- C:\Program Files\WinRAR\Formats\tar.fmt


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/09 10:55:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/03 15:33:14 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/03 23:42:58 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/08/03 23:42:52 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2008/10/09 09:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ULILAN51.SYS -- (ULI5261XP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Darth\LOCALS~1\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\imagedrv.sys -- (Imagedrv)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BS_DEF.sys -- (BS_DEF)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/20 15:57:56 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2012/08/03 23:42:46 | 000,185,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2012/08/03 23:42:40 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2012/08/03 23:42:40 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/23 07:43:58 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2008/03/23 07:43:57 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2006/07/11 13:05:28 | 001,419,776 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)
DRV - [2006/05/10 13:27:00 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/07/04 16:21:00 | 000,052,480 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289)
DRV - [2005/05/03 19:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AGPKX.SYS -- (uliagpkx)
DRV - [2004/03/10 15:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/08/13 15:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/17 14:11:18 | 000,027,678 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALI5261.SYS -- (ALI5261)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 08:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.24.0.9
FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.6
FF - prefs.js..extensions.enabledAddons: [email protected]:0.1.5
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledAddons: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledAddons: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1
FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: {eecba28f-b68b-4b3a-b501-6ce12e6b8696}:0.9.1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:0.97
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.7.4
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:2.6.3
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: [email protected]:10.0.2
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.4pre.120724a
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite@BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1.1
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.139
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.88.2
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.5Lite
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {eecba28f-b68b-4b3a-b501-6ce12e6b8696}:0.7.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: historyblock@kain:1.3.5
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426
FF - prefs.js..extensions.enabledItems: [email protected]:1.24.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..network.proxy.autoconfig_url: "http://www.wavelinx.com/"
FF - prefs.js..network.proxy.ftp_port: 1080
FF - prefs.js..network.proxy.gopher_port: 1080
FF - prefs.js..network.proxy.http: "216.184.96.90"
FF - prefs.js..network.proxy.http_port: 1080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl_port: 1080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/22 13:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/21 17:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/04 12:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/03 15:42:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/10/04 12:21:52 | 000,000,000 | ---D | M]

[2012/09/21 17:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Extensions
[2012/10/11 10:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions
[2012/09/23 09:31:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/09/23 09:31:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/09/23 09:31:35 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/09/23 09:31:35 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}(2)
[2012/09/22 17:11:07 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012/09/26 10:25:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/09/23 09:31:35 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012/09/23 09:45:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/09/23 09:31:36 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012/09/23 09:31:36 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2012/10/11 10:18:29 | 000,000,000 | ---D | M] ("Software Assist") -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 09:31:26 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/25 11:57:48 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\FasterFox_Lite@BigRedBrent
[2012/09/23 09:31:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\linktoolbar
[2012/10/07 10:22:54 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 09:31:28 | 000,000,000 | ---D | M] (NoSquint) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 09:31:28 | 000,000,000 | ---D | M] (Restart Button) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 09:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\temp
[2012/10/11 10:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]\chrome\content\extensionCode
[2012/05/12 16:30:08 | 000,003,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/06/21 16:48:52 | 000,095,609 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/22 17:01:25 | 000,113,112 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 12:43:17 | 000,159,657 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/22 17:36:27 | 000,025,907 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 12:43:17 | 000,186,166 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/22 17:19:20 | 000,615,713 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/07/20 09:42:36 | 000,698,987 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\[email protected]
[2012/09/23 14:51:33 | 000,506,361 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/10/10 10:34:25 | 000,340,256 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/10/10 10:34:25 | 000,529,404 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/09/23 12:43:18 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/09/23 12:43:18 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/09/23 09:45:35 | 001,073,809 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2012/09/23 12:43:19 | 000,737,058 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/05/31 10:02:12 | 001,013,399 | ---- | M] () (No name found) -- C:\Documents and Settings\Darth\Application Data\Mozilla\Firefox\Profiles\k09nswvx.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi
[2012/09/21 17:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/22 13:11:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/22 15:52:29 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2012/10/14 12:53:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\Darth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2001/08/23 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tclock.lnk = C:\Downloads\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe (Stoic Joker's Network)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348505280421 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B30D265-7815-4DAE-B423-F760AF234F2A}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Darth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Darth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/21 16:19:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 13:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/14 12:47:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Darth\Desktop\OTL.exe
[2012/10/13 13:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Canneverbe Limited
[2012/10/13 13:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/10/13 13:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012/10/13 13:49:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/10/13 13:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/10/13 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/10/11 11:14:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/11 10:43:33 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Darth\Desktop\tdsskiller.exe
[2012/10/10 16:23:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Darth\Recent
[2012/10/10 12:12:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Darth\Desktop\aswMBR.exe
[2012/10/10 11:57:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/07 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\AnalogX
[2012/10/07 13:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Start Menu\Programs\AnalogX
[2012/10/07 12:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility
[2012/10/07 12:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bulk Rename Utility
[2012/10/04 11:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/10/03 16:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Sun
[2012/10/03 15:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/10/03 15:35:46 | 000,000,000 | R--D | C] -- D:\My Documents\My Videos
[2012/10/03 15:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/10/03 15:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/03 15:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/03 15:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/10/03 15:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Sun
[2012/10/02 18:59:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/02 18:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/10/02 16:28:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/10/02 16:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SureThing
[2012/10/02 16:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2012/10/02 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\SURETHING
[2012/10/02 16:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\MVUNINST
[2012/10/02 13:10:46 | 000,607,744 | ---- | C] (Concept Software, Inc.) -- C:\WINDOWS\System32\KEYLIB32.dll
[2012/10/02 13:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SusProg3D
[2012/10/02 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\SusProg3D
[2012/09/30 16:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2012/09/30 16:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/09/29 13:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\NewSoft
[2012/09/29 13:29:52 | 000,000,000 | -HSD | C] -- C:\BOOT
[2012/09/28 16:56:23 | 000,185,032 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2012/09/28 16:56:23 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2012/09/28 16:56:22 | 000,050,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2012/09/28 16:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Free 5.0
[2012/09/28 16:55:53 | 000,019,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2012/09/28 16:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/09/28 15:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/09/28 15:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/28 15:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/09/28 15:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Start Menu\Programs\Sophos
[2012/09/28 15:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/09/28 10:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Webroot
[2012/09/28 10:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/09/27 19:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Canon
[2012/09/27 18:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Ahead
[2012/09/27 18:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/09/27 17:38:56 | 000,275,312 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2012/09/27 17:38:55 | 000,532,480 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2012/09/27 17:38:55 | 000,507,904 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2012/09/27 17:38:55 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2012/09/27 17:38:55 | 000,035,328 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2012/09/26 10:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Identities
[2012/09/25 15:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Macromedia
[2012/09/25 15:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CD and Multimedia
[2012/09/24 17:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\ArcSoft
[2012/09/24 15:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Start Menu\Programs\WinRAR
[2012/09/24 15:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/09/24 15:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/09/24 14:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Help
[2012/09/24 14:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Help
[2012/09/24 14:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\MicroVision Applications
[2012/09/24 14:11:28 | 001,613,824 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf250.dll
[2012/09/24 14:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2006
[2012/09/24 14:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Palo Alto Software
[2012/09/24 14:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/09/24 14:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2012/09/24 14:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Intuit
[2012/09/24 14:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2012/09/24 14:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\ImgBurn
[2012/09/24 14:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/09/24 13:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/09/24 13:56:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Darth\Start Menu\Programs\Administrative Tools
[2012/09/24 13:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/09/24 13:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Un-Rar for Windows
[2012/09/24 13:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Software Assist
[2012/09/24 13:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Software Assist
[2012/09/24 11:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/09/24 11:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\ahead
[2012/09/24 10:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeLorme
[2012/09/24 10:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DeLorme
[2012/09/24 10:19:36 | 000,000,000 | ---D | C] -- D:\My Documents\My DeLorme Docs
[2012/09/24 10:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2012/09/24 10:19:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\History
[2012/09/24 10:19:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2012/09/24 10:19:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Darth\Temporary Internet Files
[2012/09/24 10:19:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2012/09/24 10:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\ApplicationHistory
[2012/09/24 10:12:22 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/09/24 10:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/09/24 10:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/09/24 09:52:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2012/09/24 09:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2012/09/24 09:52:41 | 000,000,000 | ---D | C] -- C:\QUICKENW
[2012/09/24 09:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/09/24 09:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/09/24 09:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/09/24 09:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/09/24 09:39:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/09/24 09:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/09/23 18:03:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/09/23 18:02:53 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/09/23 16:20:22 | 000,000,000 | ---D | C] -- C:\ViewSonic
[2012/09/23 15:33:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/09/23 12:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup Manager
[2012/09/23 12:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Manager
[2012/09/23 12:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Startup Manager
[2012/09/23 11:44:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Darth\PrivacIE
[2012/09/23 11:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Scanner
[2012/09/23 11:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\ScanSoft
[2012/09/23 11:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012/09/23 11:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/09/23 11:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/09/23 11:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2012/09/23 11:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\WINDOWS
[2012/09/23 11:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\NewSoft
[2012/09/23 11:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2012/09/23 11:38:33 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2012/09/23 11:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/09/23 11:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2012/09/23 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\InterTrust
[2012/09/23 11:37:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/09/23 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/23 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/09/23 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Adobe
[2012/09/23 11:35:57 | 000,389,180 | ---- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL
[2012/09/23 11:35:56 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2012/09/23 10:24:45 | 000,000,000 | ---D | C] -- D:\My Documents\My Roboform
[2012/09/23 08:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012/09/23 08:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MozBackup
[2012/09/23 08:52:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Darth\IETldCache
[2012/09/22 22:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/09/22 22:44:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/09/22 22:43:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/22 22:37:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/09/22 15:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Free Download Manager
[2012/09/22 15:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager
[2012/09/22 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/09/22 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/09/22 15:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012/09/22 13:22:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2012/09/22 13:22:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/09/22 13:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/09/22 13:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Pro9000 Mark II series User Registration
[2012/09/22 13:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012/09/22 13:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/09/22 13:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Google
[2012/09/22 13:12:06 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/22 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/22 13:12:05 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/22 13:12:03 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/22 13:12:03 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/22 13:12:02 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/22 13:12:01 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/22 13:12:01 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/22 13:12:00 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/22 13:11:38 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/22 13:11:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/22 13:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2012/09/22 13:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Pro9000 Mark II series Manual
[2012/09/22 13:10:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/22 13:10:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/09/22 13:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Pro9000 II series
[2012/09/22 13:10:09 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/09/22 13:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/09/22 13:02:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/09/22 13:02:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/09/22 12:49:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/22 12:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2012/09/22 12:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/09/22 12:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/09/22 12:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/09/22 11:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Thunderbird
[2012/09/22 11:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Thunderbird
[2012/09/22 11:42:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/09/22 11:25:02 | 005,713,920 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System\c6501.cpl
[2012/09/22 11:25:01 | 001,419,776 | R--- | C] (C-Media Inc) -- C:\WINDOWS\System32\drivers\c6501.sys
[2012/09/22 11:25:01 | 000,253,952 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System32\c6501rm.exe
[2012/09/22 11:25:01 | 000,032,768 | R--- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System32\c6501p.dll
[2012/09/22 11:24:56 | 000,262,144 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\Cmi6501Uninstall.exe
[2012/09/22 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media 6501 Sound
[2012/09/22 11:21:03 | 000,029,696 | ---- | C] (ALi Coporation) -- C:\WINDOWS\System32\dev32.exe
[2012/09/22 11:21:00 | 000,052,480 | ---- | C] (ULi Electronics Inc.) -- C:\WINDOWS\System32\drivers\m5289.sys
[2012/09/22 11:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/22 11:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/09/22 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\ULi
[2012/09/22 11:08:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/09/22 11:08:48 | 000,045,056 | ---- | C] (ULi Electronics Inc.) -- C:\WINDOWS\System32\drivers\AGPKX.SYS
[2012/09/22 11:08:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/09/22 11:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/09/21 17:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Mozilla
[2012/09/21 17:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Mozilla
[2012/09/21 17:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/21 17:12:01 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/09/21 16:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Application Data\Identities
[2012/09/21 16:24:22 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/09/21 16:24:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Darth\Application Data\Microsoft
[2012/09/21 16:24:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Darth\SendTo
[2012/09/21 16:24:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Darth\Application Data
[2012/09/21 16:24:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Darth\Start Menu\Programs\Startup
[2012/09/21 16:24:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Darth\Start Menu
[2012/09/21 16:24:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Darth\Favorites
[2012/09/21 16:24:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Darth\Start Menu\Programs\Accessories
[2012/09/21 16:24:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Darth\Cookies
[2012/09/21 16:24:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Darth\Templates
[2012/09/21 16:24:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Darth\PrintHood
[2012/09/21 16:24:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Darth\NetHood
[2012/09/21 16:24:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Darth\Local Settings
[2012/09/21 16:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\My Documents
[2012/09/21 16:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Local Settings\Application Data\Microsoft
[2012/09/21 16:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darth\Desktop
[2012/09/21 16:22:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/09/21 16:22:27 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/09/21 16:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/09/21 16:22:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/09/21 16:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/09/21 16:22:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/09/21 16:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/09/21 16:20:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/09/21 16:20:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/09/21 16:20:51 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/09/21 16:19:56 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/09/21 16:19:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/09/21 16:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/09/21 16:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/09/21 16:18:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/09/21 16:18:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/09/21 16:18:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/09/21 16:17:56 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/09/21 16:17:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/09/21 16:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/09/21 16:17:21 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/09/21 16:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/09/21 16:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/09/21 16:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/09/21 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/09/21 16:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/09/21 16:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/09/21 16:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/09/21 16:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/09/21 16:16:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/09/21 16:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/21 16:16:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/09/21 16:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/09/21 16:15:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/09/21 16:15:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/09/21 16:15:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/09/21 16:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/09/21 16:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/09/21 16:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/09/21 16:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/09/21 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/09/21 16:15:09 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/09/21 16:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/09/21 16:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/09/21 16:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/09/21 16:15:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/09/21 16:14:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/09/21 16:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/09/21 09:07:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/09/21 09:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/09/21 09:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/09/21 09:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/09/21 09:07:00 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/09/21 09:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/09/21 09:06:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/09/21 09:06:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/09/21 09:06:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/09/21 09:06:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/09/21 09:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/09/21 09:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/09/21 09:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/09/21 09:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/09/21 09:06:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/09/21 09:06:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/09/21 09:05:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/21 09:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/09/21 08:49:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/09/21 08:49:24 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/09/21 08:49:24 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/09/21 08:49:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/09/21 08:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/09/16 14:07:28 | 000,000,000 | ---D | C] -- D:\My Documents\RegRun2

========== Files - Modified Within 30 Days ==========

[2012/10/14 13:21:58 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/14 13:21:57 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/14 13:04:17 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2012/10/14 12:55:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/14 12:47:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darth\Desktop\OTL.exe
[2012/10/14 12:23:45 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/14 12:22:45 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/14 12:21:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/14 12:21:39 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/13 16:25:50 | 000,469,504 | -HS- | M] () -- C:\EUMONBMP.SYS
[2012/10/13 14:57:16 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\Sophos Virus Removal Tool.lnk
[2012/10/13 14:56:52 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 5Music, etc. (H).lnk
[2012/10/13 14:56:23 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\Shortcut to 5Music, etc. (H).lnk
[2012/10/13 14:39:49 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/13 14:14:31 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 3Documents (D).lnk
[2012/10/13 13:54:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/10/13 10:35:25 | 000,004,096 | -HS- | M] () -- C:\{EE27615C-D1F5-4706-8826-B2EF4AF74835}.CBM
[2012/10/12 15:46:36 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2012/10/12 11:33:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/11 11:08:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\0cruz93m.exe
[2012/10/10 16:03:17 | 000,000,512 | ---- | M] () -- D:\My Documents\MBR.dat
[2012/10/10 12:11:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Darth\Desktop\aswMBR.exe
[2012/10/10 11:34:27 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Darth\Desktop\tdsskiller.exe
[2012/10/07 12:22:09 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\Bulk Rename Utility.lnk
[2012/10/02 16:15:14 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SureThing CD Labeler Deluxe 4.lnk
[2012/10/02 13:48:13 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\SusProg3D.lnk
[2012/09/30 16:26:19 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2012/09/29 13:59:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\prestopm.INI
[2012/09/29 13:58:57 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2012/09/29 13:57:03 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\UnstopCopy.lnk
[2012/09/28 16:56:18 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 5.0.lnk
[2012/09/28 15:35:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/27 19:20:05 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\CanoScan Toolbox.lnk
[2012/09/27 10:47:29 | 299,798,238 | ---- | M] () -- D:\My Documents\Thunderbird 16.0 (en-US) - 2012-09-27.pcv
[2012/09/25 12:35:36 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/09/25 12:35:35 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 2.0.lnk
[2012/09/24 14:11:27 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken 2006 Deluxe.lnk
[2012/09/24 14:11:18 | 000,000,803 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/09/24 14:03:32 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/09/24 11:34:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/24 10:28:55 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/24 10:28:55 | 000,000,636 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/09/24 10:28:52 | 000,001,031 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Street Atlas USA 2008 Plus.lnk
[2012/09/24 10:02:49 | 000,000,030 | ---- | M] () -- C:\WINDOWS\INTURS.DAT
[2012/09/24 10:02:39 | 000,000,024 | ---- | M] () -- C:\WINDOWS\qfnonl.ini
[2012/09/24 10:01:13 | 000,000,028 | ---- | M] () -- C:\WINDOWS\ICOA.INI
[2012/09/24 10:00:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\QFN.ini
[2012/09/24 10:00:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\QDQICK.ini
[2012/09/23 16:30:17 | 000,003,031 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/09/23 16:18:13 | 000,000,155 | ---- | M] () -- C:\WINDOWS\VSWizard.ini
[2012/09/23 15:53:23 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 4Backups (G).lnk
[2012/09/23 15:51:13 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tclock.lnk
[2012/09/23 13:00:14 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\Startup Manager.lnk
[2012/09/23 11:43:52 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Manual CanoScan 8400F.lnk
[2012/09/23 11:41:55 | 000,000,532 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2012/09/23 11:40:24 | 000,151,566 | ---- | M] () -- C:\WINDOWS\System32\UninstIPP.isu
[2012/09/23 10:00:40 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/09/23 08:56:53 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2012/09/22 15:26:40 | 000,003,669 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2012/09/22 14:30:45 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Control Panel.lnk
[2012/09/22 13:21:39 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Pro9000 Mark II series User Registration.LNK
[2012/09/22 13:12:10 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2012/09/22 13:12:01 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/22 13:10:53 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2012/09/22 13:10:38 | 000,002,007 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Pro9000 Mark II series On-screen Manual.lnk
[2012/09/22 12:46:12 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/09/22 12:22:38 | 000,000,213 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2012/09/22 12:16:43 | 000,001,753 | ---- | M] () -- C:\WINDOWS\Status.mif
[2012/09/22 12:16:32 | 000,000,918 | ---- | M] () -- C:\WINDOWS\ATICIM.INI
[2012/09/21 17:17:08 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to temp.lnk
[2012/09/21 17:16:13 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2012/09/21 17:14:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/21 16:33:53 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Darth\Desktop\My Computer.lnk
[2012/09/21 16:24:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/21 16:21:23 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/21 16:19:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/09/21 16:19:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/09/21 16:19:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/09/21 16:19:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/09/21 16:19:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/21 16:19:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/21 16:16:16 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/21 09:11:02 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

========== Files Created - No Company Name ==========

[2012/10/13 14:56:52 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 5Music, etc. (H).lnk
[2012/10/13 14:56:23 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\Shortcut to 5Music, etc. (H).lnk
[2012/10/13 13:54:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/10/13 13:54:44 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2012/10/13 13:54:43 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/10/13 10:35:25 | 000,004,096 | -HS- | C] () -- C:\{EE27615C-D1F5-4706-8826-B2EF4AF74835}.CBM
[2012/10/11 11:24:09 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\0cruz93m.exe
[2012/10/10 16:03:17 | 000,000,512 | ---- | C] () -- D:\My Documents\MBR.dat
[2012/10/07 12:22:09 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\Bulk Rename Utility.lnk
[2012/10/02 16:37:43 | 2146,750,464 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/02 16:15:14 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SureThing CD Labeler Deluxe 4.lnk
[2012/10/02 13:48:13 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\SusProg3D.lnk
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Subaru.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SRD912.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Sedan.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Porsche928.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Nascar.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\LotusCortina.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Jaguar.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\HoldenVT.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\GM4link.s3d
[2012/10/02 13:10:46 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\FalconAU.s3d
[2012/10/02 13:10:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2012/09/30 16:32:55 | 000,469,504 | -HS- | C] () -- C:\EUMONBMP.SYS
[2012/09/30 16:26:19 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2012/09/29 13:59:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2012/09/29 13:58:57 | 000,000,051 | ---- | C] () -- C:\NsScanforTest.ini
[2012/09/29 13:57:03 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\UnstopCopy.lnk
[2012/09/28 16:56:21 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/09/28 16:56:18 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 5.0.lnk
[2012/09/28 15:35:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/28 15:07:54 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\Sophos Virus Removal Tool.lnk
[2012/09/27 19:20:05 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\CanoScan Toolbox.lnk
[2012/09/27 17:39:00 | 000,068,516 | ---- | C] () -- C:\WINDOWS\Unnero.cfg
[2012/09/27 10:46:27 | 299,798,238 | ---- | C] () -- D:\My Documents\Thunderbird 16.0 (en-US) - 2012-09-27.pcv
[2012/09/25 15:50:10 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/25 12:35:36 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/09/25 12:35:35 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2012/09/25 12:35:35 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 2.0.lnk
[2012/09/24 14:11:27 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken 2006 Deluxe.lnk
[2012/09/24 14:03:32 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/09/24 10:28:52 | 000,001,031 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Street Atlas USA 2008 Plus.lnk
[2012/09/24 10:02:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2012/09/24 10:02:39 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2012/09/24 10:01:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2012/09/24 10:00:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2012/09/24 10:00:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2012/09/24 09:53:15 | 000,000,803 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/09/24 09:40:45 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/09/23 18:03:38 | 000,088,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012/09/23 18:03:37 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/09/23 16:30:17 | 000,003,031 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/09/23 16:30:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/09/23 16:08:35 | 000,000,155 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2012/09/23 15:53:23 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 4Backups (G).lnk
[2012/09/23 15:51:13 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tclock.lnk
[2012/09/23 12:47:42 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\Startup Manager.lnk
[2012/09/23 11:43:52 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Manual CanoScan 8400F.lnk
[2012/09/23 11:41:55 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/09/23 11:40:23 | 000,151,566 | ---- | C] () -- C:\WINDOWS\System32\UninstIPP.isu
[2012/09/23 11:40:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2012/09/23 11:40:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2012/09/23 11:37:48 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2012/09/23 10:00:40 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/09/23 10:00:40 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/09/23 08:56:53 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2012/09/22 15:26:36 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2012/09/22 14:30:45 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Control Panel.lnk
[2012/09/22 13:21:39 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Pro9000 Mark II series User Registration.LNK
[2012/09/22 13:12:10 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2012/09/22 13:12:01 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/22 13:10:53 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2012/09/22 13:10:38 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Pro9000 Mark II series On-screen Manual.lnk
[2012/09/22 13:05:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/22 13:05:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/22 12:46:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2012/09/22 12:46:03 | 000,000,535 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/09/22 12:46:02 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h
[2012/09/22 12:45:00 | 000,001,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\quotes
[2012/09/22 12:35:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/09/22 12:35:37 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2012/09/22 12:35:37 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/09/22 12:35:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2012/09/22 12:16:38 | 000,001,753 | ---- | C] () -- C:\WINDOWS\Status.mif
[2012/09/22 12:16:32 | 000,000,918 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2012/09/22 11:25:25 | 000,000,213 | ---- | C] () -- C:\WINDOWS\System\C6501.ini
[2012/09/22 11:25:01 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\c6501rm.dll
[2012/09/22 11:21:01 | 000,009,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulisata.cat
[2012/09/22 11:08:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\unagp.exe
[2012/09/21 17:17:08 | 000,000,377 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to temp.lnk
[2012/09/21 17:16:13 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2012/09/21 17:14:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/21 17:14:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/21 16:34:54 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 3Documents (D).lnk
[2012/09/21 16:33:53 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Darth\Desktop\My Computer.lnk
[2012/09/21 16:24:29 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Darth\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/21 16:24:23 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Darth\Start Menu\Programs\Outlook Express.lnk
[2012/09/21 16:24:22 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Darth\Start Menu\Programs\Internet Explorer.lnk
[2012/09/21 16:24:17 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Darth\Start Menu\Programs\Remote Assistance.lnk
[2012/09/21 16:24:17 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Darth\Start Menu\Programs\Windows Media Player.lnk
[2012/09/21 16:21:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/21 16:20:47 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/09/21 16:20:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/09/21 16:20:26 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/09/21 16:20:25 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/09/21 16:20:24 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/09/21 16:20:15 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/09/21 16:20:11 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/09/21 16:20:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/09/21 16:19:58 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/09/21 16:19:10 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/21 16:19:10 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/09/21 16:19:10 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/09/21 16:19:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/09/21 16:19:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/09/21 16:19:06 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/21 16:19:06 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/21 16:19:05 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/21 16:17:55 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/09/21 16:17:43 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/09/21 16:17:31 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/09/21 16:17:31 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/09/21 16:17:25 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/09/21 16:16:54 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/09/21 16:16:17 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/21 16:16:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/21 16:15:50 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/09/21 16:15:28 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/09/21 16:15:28 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/09/21 16:15:28 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/09/21 16:15:28 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/09/21 16:15:28 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/09/21 16:15:28 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/09/21 16:15:28 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/09/21 16:15:28 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/09/21 16:15:28 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/09/21 16:15:28 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/09/21 16:15:28 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/09/21 16:15:25 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/09/21 16:15:25 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/09/21 16:15:24 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/09/21 16:15:19 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/09/21 09:11:02 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/09/21 09:07:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/21 09:07:02 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/09/21 09:07:02 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/09/21 09:07:01 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/09/21 09:07:01 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/09/21 09:06:46 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/09/21 09:06:35 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/09/21 09:06:35 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/09/21 09:06:35 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/09/21 09:06:35 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/09/21 09:06:35 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/09/21 09:06:35 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/09/21 09:06:35 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/09/21 09:06:35 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/09/21 09:06:35 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/09/21 09:06:35 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/09/21 09:06:35 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/09/21 09:06:35 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/09/21 09:06:35 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/09/21 09:06:35 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/09/21 09:06:35 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/09/21 09:06:35 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/09/21 09:06:35 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/09/21 09:06:34 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/09/21 09:06:34 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/09/21 09:05:06 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/21 08:56:38 | 000,000,223 | RHS- | C] () -- C:\boot.ini
[2012/09/21 08:56:34 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== ZeroAccess Check ==========

[2012/09/24 10:12:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 15:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 13:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/13 13:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/09/22 13:10:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/22 13:22:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/10/04 13:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/09/22 13:22:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2012/09/22 15:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/09/28 15:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/09/23 11:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/09/23 11:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012/09/23 12:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Startup Manager
[2012/09/27 19:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/10/13 13:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\Canneverbe Limited
[2012/09/30 15:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\Canon
[2012/10/14 13:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\Free Download Manager
[2012/09/24 14:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\ImgBurn
[2012/09/23 11:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\InterTrust
[2012/09/23 11:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\NewSoft
[2012/09/23 11:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\ScanSoft
[2012/09/22 11:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darth\Application Data\Thunderbird

========== Purity Check ==========



< End of report >