Jump to content

Continual restarts, BSOD


Recommended Posts

When I turn my computer on, I get an infinite loop of BlueScreenOfDeath (momentarily), followed by a reboot. After all kinds of trial and error, I found that if I ran an UltimateBoot CD, ran HijackThis, and used that to "fix" some files, I could actually get Windows XP to start correctly.

However, if I restart or shut down, I end up back in the BSOD loop again (and have to run HijackThis again, to escape the loop).

None of the anti-virus/anti-malware included on UltimateBoot detected anything, nor did Malwarebytes.

Possibly related: once I finally get Windows XP going, I get a popup (repeatedly) that says "supposees aboya Run-time error '53': File not found".

attach.txt

dds.txt

Link to post
Share on other sites

Hello FuntimeError and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

  1. Download OTLPEStd.exe to your desktop
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  4. Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  6. Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location
  9. When asked "Do you wish to load the remote registry", select Yes
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  12. OTL should now start.
  13. Drag and drop this attached scan.txt into the Custom scans and fixes box
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right click the file and select send to : select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it
  19. You can backup any files that you wish from this OS
  20. Please post the contents of the C:\OTL.txt file in your reply.

Link to post
Share on other sites

Okay. Thanks. Contents of the OTL file are below. I'm posting it in two parts because it is apparently too long.

OTL logfile created on: 8/22/2012 5:49:21 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 58.00% Memory free

454.00 Mb Paging File | 326.00 Mb Available in Paging File | 72.00% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.16 Gb Total Space | 59.95 Gb Free Space | 64.35% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - [2012/08/15 11:49:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 20:59:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/03 16:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2012/07/03 16:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2006/10/29 11:16:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/10/29 11:15:22 | 004,249,088 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/10/29 11:12:48 | 000,307,968 | R--- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/10/29 11:12:48 | 000,051,328 | R--- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/10/29 11:12:18 | 001,428,480 | R--- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®

DRV - [2005/11/16 21:03:34 | 001,122,688 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/05/11 22:47:56 | 000,371,712 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/01/17 07:15:20 | 000,004,864 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)

DRV - [2001/08/01 08:00:22 | 000,005,248 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:13464

IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:4240

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 20:59:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/18 00:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/27 20:59:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/29 14:20:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [Arturo Free] C:\WINDOWS\Arturo Free.exe (auréole radiodiffusé)

O4 - HKLM..\Run: [Otho] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Yuma Willey] C:\Documents and Settings\Owner\Application Data\Yuma Willey\Yuma Willey.exe (auréole radiodiffusé)

O4 - HKU\Owner_ON_C..\Run: [Muhammad] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\Owner_ON_C..\Run: [Yuma Willey] C:\Documents and Settings\Owner\Application Data\Yuma Willey\Yuma Willey.exe (auréole radiodiffusé)

O4 - HKU\Owner_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - AppInit_DLLs: (C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll) - C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll ()

O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/05 12:52:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 19:23:53 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe

[2012/08/22 19:16:44 | 000,319,488 | RHS- | C] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117.CtIiycX6

[2012/08/19 13:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MovingToANewHome

[2012/08/19 02:48:03 | 000,319,488 | RHS- | C] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420.CtIiycX6

[2012/08/19 02:12:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com

[2012/08/18 23:41:46 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/18 23:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb

[2012/08/18 20:52:37 | 000,210,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll

[2012/08/18 20:51:24 | 000,319,488 | RHS- | C] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d.CtIiycX6

[2012/08/18 12:23:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies

[2012/08/18 12:23:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies

[2012/08/18 12:23:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies

[2012/08/18 12:23:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies

[2012/08/18 12:23:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\System Volume Information

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Recent

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Recent

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\History

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies

[2012/08/18 12:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies

[2012/08/17 19:03:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Canon Easy-WebPrint EX

[2012/08/17 18:48:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE

[2012/08/17 18:47:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IECompatCache

[2012/08/17 18:41:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IETldCache

[2012/08/17 18:40:13 | 000,319,488 | ---- | C] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2.CtIiycX6

[2012/08/17 18:40:05 | 000,319,488 | RHS- | C] (auréole radiodiffusé) -- C:\WINDOWS\Otho.Otho

[2012/08/17 18:40:03 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Owner\Application Data\Muhammad

[2012/08/17 18:40:00 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Owner\Application Data\Yuma Willey

[2012/08/17 18:39:57 | 000,000,000 | RHSD | C] -- C:\WINDOWS\Tonnie

[2012/08/17 18:39:54 | 000,000,000 | RHSD | C] -- C:\WINDOWS\Alvin Winthrop

[2012/08/17 18:39:52 | 000,319,488 | RHS- | C] (auréole radiodiffusé) -- C:\WINDOWS\Arturo Free.exe

[2012/08/17 18:39:27 | 000,319,488 | ---- | C] (auréole radiodiffusé) -- C:\Program Files\update.exe

[2012/08/15 11:49:43 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[2012/08/08 12:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/08/08 12:50:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/22 19:36:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/08/22 19:35:24 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:34:21 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:34:21 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:34:12 | 000,000,050 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:30:00 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPEStd.exe

[2012/08/22 19:22:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:17:31 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\9f4c1be674ebe56b4f434f9f77a4561b

[2012/08/22 19:17:05 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\147d8c3789ee14c77699d0b5e0a1a052

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f84b52fad026412ae5de880dde6a13f6

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\df2d661c77998ccba7e18fd542f98b45

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b9667eb90de4ab632ec33241a653de52

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ab61c7e2f1e64f224b03c73452167892

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\934f4abbab6af92c725178478b25c7b8

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\926f9bcd22717b521724be8131446b75

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\73a9d38ef9a0fef4970821d9c66bb3cc

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\6defaccaad5298a109effe1d8cba9ce9

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\69198bbdd8b69af79a39bd92f107ba06

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\5d7f16593c0abd39312e5540a30ce9e5

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\4ee2910c6e93cd3b420714e202326a00

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4e0e8ed409fd063b9e98afd604241934

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\347de3c3dd425e7da7948122465f2d40

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\2a4f5bf11519cdca143be251360499b1

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:17:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:16:50 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\352d0e8e824ffb76474f83d0e733591b

[2012/08/22 19:16:50 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:16:42 | 000,225,281 | RHS- | M] () -- C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll

[2012/08/22 19:16:42 | 000,225,281 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Bartram.dll

[2012/08/22 19:15:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/08/19 14:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/08/19 14:00:10 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/19 13:46:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/19 03:30:29 | 000,000,050 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 03:27:07 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 03:26:10 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 03:26:10 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 03:02:10 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\28cb4935e4fa116e4d993dbd81eb9092

[2012/08/19 03:01:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c30cfbd20141657fb59836e3bd235649

[2012/08/19 03:01:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5823939f16cfcbecfd23f5197e0176bb

[2012/08/19 03:01:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\fd35a36a189ce3427912b4760e4addb0

[2012/08/19 03:01:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\30e9bf4e0b4ba2a7f2b2d7a76f655de2

[2012/08/19 03:01:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\dc0cc643810f4e153d4ce7f3bd56dc0e

[2012/08/19 03:01:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\8360f05a91c20bb1dc1889906a222185

[2012/08/19 03:01:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\645574cfce3e08307d8197f565da9c35

[2012/08/19 03:01:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\496409f2231e77e9240957a56051191a

[2012/08/19 03:01:52 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\da07d4ffc5434e1f58f82e0f992a7eb5

[2012/08/19 03:01:52 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c0df10be9f50ad12a933ff4560b96a13

[2012/08/19 03:01:51 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\faf07b0b9b9e210e7ad5f1446683b616

[2012/08/19 03:01:50 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\8a2c8d49907d8ec14be6b3aa6e8c8f9f

[2012/08/19 03:01:50 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4b4babba8a6f536bfe8d29ce2db199f5

[2012/08/19 03:01:50 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\1ceb83085dd04393e8a87c9f54c515f1

[2012/08/19 03:01:49 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f4dbe8dc19117bf25913a6d5fe1d7d0a

[2012/08/19 03:01:49 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\64adc1392ec4b15bfe9ce49edc2185c4

[2012/08/19 03:01:49 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\49bfc4bc18da631e3b5dc6e4b6dd7ce6

[2012/08/19 03:01:49 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4594233480ce43aaa5d6b8c556256ced

[2012/08/19 03:01:49 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\21ed0578dbf1f61298caec230bc484e6

[2012/08/19 03:01:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c2f86d5a28373ce40a5db34f94b5a428

[2012/08/19 03:01:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a097bc014c309613370eff85238c6126

[2012/08/19 03:01:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\781ca566aac57cb4aeb6e0e77bdc0735

[2012/08/19 03:01:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\46ed79bc1441528ad96ffacdbad12413

[2012/08/19 03:01:47 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\dfb04da08d24c87dc94484a412cca02d

[2012/08/19 03:01:47 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a75caca53e69cc1384be9222a8bf7f81

[2012/08/19 03:01:46 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\2fcc20494bf032451a36c2c18e776b16

[2012/08/19 03:01:45 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b6f8f5f838c511513c4c6c45ec9586e9

[2012/08/19 03:01:45 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4e2f752bca6feb64f79d23665d78bb7e

[2012/08/19 03:01:45 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\1e36b7ef29793189682d1d1e2efce6e3

[2012/08/19 03:01:44 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\32771cb89e61d9693c638095761635eb

[2012/08/19 03:01:44 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\31cd0c81e0bb0c6cc0108fc2ab9311a6

[2012/08/19 03:01:44 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\2798cdeeb8068057cbc2abf7875f0cca

[2012/08/19 03:01:43 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d129cf256d7fc7684419f54f57be37ee

[2012/08/19 03:01:43 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6b36b1bd7d09b9695263d0ecb7410038

[2012/08/19 03:01:43 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\260534e2efe88455f5a6c709b7af5057

[2012/08/19 03:01:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\de34474e3edb7a193d4906fbc3868e5b

[2012/08/19 03:01:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\10e206d7a64f5d041700109f2cf82b0d

[2012/08/19 03:01:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0f7908b1f8b612ecd526d3f90fdf30ab

[2012/08/19 03:01:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\e0222f83289d6ff869cbca875894df70

[2012/08/19 03:01:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d21e991d3c9e257f24fbae17af6065b7

[2012/08/19 03:01:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5cb4d4e4794fcb643c5d6eece3d3fdf8

[2012/08/19 03:01:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0a9d6876f8dd1ce8bb0c1ec9b6955853

[2012/08/19 03:01:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b07d581d07410b9dd9a93f6bd44d5a1e

[2012/08/19 03:01:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\81f5f729d51a00edd733cb5a95f71297

[2012/08/19 03:01:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\506a5ebd19dba216badef59f075bdb15

[2012/08/19 03:01:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\3ae4a644c7595f5c024f6c9ca457867c

[2012/08/19 03:01:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\1bf9fd572caf7e2304ad2cdc41a76919

[2012/08/19 03:01:39 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c19839005eb9562c2130ea3a73cffa4e

[2012/08/19 03:01:39 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\7a5a98fa96fadbc4b102083b18f8412d

[2012/08/19 03:01:39 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\7525ad667a2e2d9a26996ff5752f3feb

[2012/08/19 03:01:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\fc6c1c86df93adae95c8c94258114e59

[2012/08/19 03:01:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\85883bff112391b3c7d3a52ee507e683

[2012/08/19 03:01:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\80229955c9d1683794855df906d551c9

[2012/08/19 03:01:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\2882b324099fa10fcafdff4838d7d0cd

[2012/08/19 03:01:37 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\62d7de070d41518862205e6cdc4e953f

[2012/08/19 03:01:35 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\280b82aad63635a35608d33967af4b98

[2012/08/19 03:01:34 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a71f491e61d784fd035e03b51c245448

[2012/08/19 03:01:34 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a18ccfc99b431318b2fb0b4a640879d0

[2012/08/19 03:01:34 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\06ccf9bf9bc77062472f85618a98c213

[2012/08/19 03:01:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ef1ecd849cf4ea7f2ffca5aa5d174201

[2012/08/19 03:01:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\74165034c7ea5637ff5e4000190045d4

[2012/08/19 03:01:32 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ee2cca46adfc1687a81363c9c75cf99d

[2012/08/19 03:01:32 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0fa64b159d4a374061383a90bc50b72d

[2012/08/19 03:01:31 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b16869873f3c13860f6bf3e12709d7b4

[2012/08/19 03:01:31 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a493bd2f30cd88e332b46f0249f34514

[2012/08/19 03:01:31 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\84ffab3cdd66e466db72a52613d64803

[2012/08/19 03:01:31 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\39aa46765871a13c25f3f04cc6f387f4

[2012/08/19 03:01:30 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\e4c95e25a6ea7d7a1563d655936c7cae

[2012/08/19 03:01:30 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a6b64013c13c1bf61a4a9a602c48976e

[2012/08/19 03:01:29 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\bd7253b162d6dffa0e361d98bfebe0be

[2012/08/19 03:01:27 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b74e7d0231e7f3fcbf9ca3c07c2260a3

[2012/08/19 03:01:27 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\683ad9dbb518e5fedae564a9990c2068

[2012/08/19 03:01:26 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\66f44f3e5e8bc7378c4bde73db8ee166

[2012/08/19 02:58:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/08/19 02:57:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f3521c735718601828fcdad03e1b9ae9

[2012/08/19 02:54:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:50:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6df28a76cf0bf0b9da527de79d03b5f7

[2012/08/19 02:48:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\bbb0a8c3339eb3758535b967f1bc8de9

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\de0759fd1f7a4e0121389c73fb3aefb0

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\d709c5a490eb3bf1d63ff8692c8088ac

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\bfeab99caf35db9a648404c57fd81f73

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\aa35ed505c9323f5a22b1af29e05fcee

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\91a9981ee1f8e30d6bf74418814db72d

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\848bdf38bf8fd0acbb729a7468b0dce8

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\7dbffbdc6b29740e12bf5c29262127e3

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\41993ebb1d3ce322c3fc15fd18cb9736

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\242abdbfbc2bee8832976da69c14bd36

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\1cd1d9fa890a021e5888aa4a8d69f9df

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\177fbaf0392e9e0463393d1f032d2f9c

[2012/08/19 02:48:24 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\14f51891e20d2e2e988d27084d67a853

[2012/08/19 02:48:23 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5d87c8334da399f859cd69edb470e448

[2012/08/19 02:48:18 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\f46cc8f918667bfe537112e1a8564d86

[2012/08/19 02:48:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b33a9a2ae063ddeda5eb2e58b9a781ab

[2012/08/19 02:48:18 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\694beb4668dce9c4bd2eb47d066c31a7

[2012/08/19 02:48:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4159a670ff268bcfee79d7377c61ddc3

[2012/08/19 02:48:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\2385f65956d877ba843e06671059aa0e

[2012/08/19 02:48:08 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:08 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\49fd3240b637aac6fa464fd68144be14

[2012/08/19 02:48:08 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\191075d114d903b7dfd32c537f5eac4c

[2012/08/19 02:48:01 | 000,225,281 | RHS- | M] () -- C:\WINDOWS\ef5aea7101bd807f1651418d4a5bd420.dll

[2012/08/19 02:31:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/19 02:31:16 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/19 02:28:07 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\73d0db30c2374a9c59ea927f4f713054

[2012/08/19 02:27:18 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/19 02:26:53 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/19 02:26:49 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/19 02:26:35 | 000,000,050 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/19 02:26:10 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\45d2cf71ab77e429b7ce77b7bf11947b

[2012/08/19 02:26:09 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\feaac1c81441513da9aaf1da9e65337e

[2012/08/19 02:26:09 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\71110d5e0818fec7014269f9e9f4c4fd

[2012/08/19 02:26:09 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\45a7aed7a82ed338b4e8619f60430960

[2012/08/19 02:26:08 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\87d87cd625f3bea66f35b45d48ad086f

[2012/08/19 02:26:08 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\7f810eb43f892b780950be5e686104d0

[2012/08/19 02:26:08 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\70029ca1b10954940ceea4db3dfe7fab

[2012/08/19 02:26:08 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\534e2c8cfb8d26f89a377058a21e09f9

[2012/08/19 02:26:07 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\80f5d3f8a1fcf7c412b6c7d8815a325e

[2012/08/19 02:26:06 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\fe2b5420d7a87483f5abf517be96ce35

[2012/08/19 02:26:06 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\81c4944d0b8d82cd40b6459642f3a081

[2012/08/19 02:26:05 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a6b989a5dccd0f9ac0b602ca97d9dd08

[2012/08/19 02:26:05 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a42295cf5b22a65248033ebb6623ed8d

[2012/08/19 02:26:05 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\9db4d6d9a00f28247eeabefbc2479c8e

[2012/08/19 02:26:05 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\8ba3e10351b4646d08b00f5ec3922d7c

[2012/08/19 02:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\deb760e31381d2bef610881286f9c5f7

[2012/08/19 02:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\304ed53f8d45ffbe40dc8a076cfc8e87

[2012/08/19 02:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0b9b818447d19f371dba1802e2d596e3

[2012/08/19 02:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\002aca0564dfd0e2b5ac2b467c0a314a

[2012/08/19 02:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\cab3e9153c2e330fa596d505ac046d45

[2012/08/19 02:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b6aacb0c97dee58a17375c575df8de37

[2012/08/19 02:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\29c36ad54dce8e8f0f2da2cd8f33bc03

[2012/08/19 02:26:02 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\e7c5212c68e6502380277b54f1ee4781

[2012/08/19 02:26:02 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\828aa84aa8e5429b180f475e31d81f2c

[2012/08/19 02:26:02 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\51f65182e14061f79ce5a94fe152478b

[2012/08/19 02:26:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\e30b602d9afd8874f6afd85b6e7d5f2a

[2012/08/19 02:26:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c5877927d035879b69a96aba0709122c

[2012/08/19 02:26:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\362884e76b5fc4c4f32da06155203cab

[2012/08/19 02:26:00 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\204f3d61b3f9103520e30019a5c6825f

[2012/08/19 02:25:59 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c708a0b1f61c9de633282f5e87e446e3

[2012/08/19 02:25:59 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5fe8c050cc10fe664f2df1c9e687ccd1

[2012/08/19 02:25:58 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d8b5a4984cf991d5e547c3f5931d3a6b

[2012/08/19 02:25:58 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\9f1a3b59713550dd460f838681f9ab2c

[2012/08/19 02:25:58 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\7ca47f8ef6dee15cb27759ece1bcd682

[2012/08/19 02:25:58 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\77e1e701370f6fb71dbb7e9f31173fe4

[2012/08/19 02:25:57 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b16a9c6c88c7f074a232bdea527aef3d

[2012/08/19 02:25:57 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\1b5aa6ec14d07ede8516864762505181

[2012/08/19 02:25:56 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c6f705f5c4ed2d97ece26ff1e032b9bc

[2012/08/19 02:25:56 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a067e50d6a6a25544ee30190e39dc07c

[2012/08/19 02:25:56 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\88fa111ff1c1d6d6fc0b3b95cb1267ae

[2012/08/19 02:25:56 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\639b364d24bf9f6b8c33ed5c615441de

[2012/08/19 02:25:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b748cf1218828640ffe869337769340b

[2012/08/19 02:25:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ac0b13fac7d93de774732888e4df3612

[2012/08/19 02:25:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\74d94d3edeb6c0187e9a3bfcb2fef0d8

[2012/08/19 02:25:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\563db75e85035e4475cd2c1feb1c5634

[2012/08/19 02:25:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f530f1b21f239a7cfd373a71b2f897ca

[2012/08/19 02:25:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b87d66cdfd133baa80b4724b265526c0

[2012/08/19 02:25:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6940ca1c53b3385069460dee7e8dc2e8

[2012/08/19 02:25:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\63d6f82bfd289c548d7cab2f4b21ad22

[2012/08/19 02:25:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c4fcf95fb00931f0bd9f5f2a601e6ecf

[2012/08/19 02:25:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\9b040191d8c010608c659cceab9a1b90

[2012/08/19 02:25:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\828e30832eb60a5d5bc7a30ddc8d6bf4

[2012/08/19 02:25:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5ae932b748c35f46b7f70880f867a9a4

[2012/08/19 02:25:52 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\2357eabc33f5767ff57b25de2392481d

[2012/08/19 02:25:50 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b6261bdaddc69a82be016f51fa665a14

[2012/08/19 02:25:49 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d9edf88be48794ac765695204b9cb9a1

[2012/08/19 02:25:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\c23faa05f64e153bdf892795fd8c8da0

[2012/08/19 02:25:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\97cc9e11b550f6f4eb489764b0f81531

[2012/08/19 02:25:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\468084797db769d9f7f8fb98316eb559

[2012/08/19 02:25:48 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\1de34842847e8d5c1418a69bed8aa6bf

[2012/08/19 02:25:47 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\8716055b75befbcf22ac26527969d773

[2012/08/19 02:25:47 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\495c59d0ce4d9f34c153f0dd312056ad

[2012/08/19 02:25:46 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\bdaaba47e3cacad7a367ec1648310082

[2012/08/19 02:25:46 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\1f91a8afcd0d40f17e0ecd1f46ec31e2

[2012/08/19 02:25:46 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0c0e67835cce4d4b780bcd6decc6a46d

[2012/08/19 02:25:45 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\cecb0faf1fe757d359e6c63e99c4d74a

[2012/08/19 02:25:45 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a0e50d2f1b9342d5befde230c0e76307

[2012/08/19 02:25:45 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4f042a61f2001ee7b827b86602b465c3

[2012/08/19 02:25:44 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\8d94d9afc7f5783caabdcaf9c273d18f

[2012/08/19 02:25:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\b16d6f1010e333b65d9c165bc7f9fba0

[2012/08/19 02:25:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\3866cade6a7afddbbf4514495d32a13d

[2012/08/19 02:25:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6eb46832211eba7c250f618f518cc186

[2012/08/19 02:25:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f47a7aa4814556ded3ab7331bca050bb

[2012/08/19 02:12:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com

[2012/08/19 02:11:14 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d49f32232776f1379a586132c0588e00

[2012/08/19 01:47:53 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-AFRC0.exe

[2012/08/19 01:47:53 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-AFRC0.msg

[2012/08/19 01:47:53 | 000,000,438 | ---- | M] () -- C:\WINDOWS\is-AFRC0.lst

[2012/08/18 23:39:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\4dd364c2a921c39dc15cbaa8f4978390

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f751baa6fb376468dd1828c02640e791

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ceb80249ec84023818f746961df32d0c

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\b847bad93bc22d323fc0183a6e3f3c0c

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\ab61c7e2f1e64f224b03c73452167892

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\a21c3b113c8c95e51d35e4188560ef97

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\87748e649b69537668b333d0a4c93fe1

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\7a00b55842251ea4d8de3eea7b880e00

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\6bd7d8d2fccb8da9909f7b664a7c91fc

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\4200a7120ce5e18028c26b37d355fbe8

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\2caa7e2e654b1dad47e3ec68a30ceab5

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\10375bdb08fefd2076e8dc6400df8bc0

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\03ae6b5647d9f0c2c8a9ff07f4530739

[2012/08/18 23:39:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\035bfc8d78b63b8b340e3439771532e4

[2012/08/18 23:39:12 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\f84b52fad026412ae5de880dde6a13f6

[2012/08/18 23:39:03 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/18 23:39:03 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\3529826cadb7f69ed179e9aa049049fe

[2012/08/18 23:38:56 | 000,225,281 | RHS- | M] () -- C:\WINDOWS\ebf7c9f5882ce477a7e2ae21933ece9d.dll

[2012/08/18 22:25:34 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.62.0.1300.exe

Link to post
Share on other sites

(continued from above)

[2012/08/18 22:24:00 | 091,802,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bdwy34s6.exe

[2012/08/18 21:20:14 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-EOM93.exe

[2012/08/18 21:20:14 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-EOM93.msg

[2012/08/18 21:20:14 | 000,000,453 | ---- | M] () -- C:\WINDOWS\is-EOM93.lst

[2012/08/18 21:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/18 20:52:21 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6449665402bac7997f637f990f1430bc

[2012/08/18 20:52:02 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\fff8d46acb74ae056e7d0b21e9e4afd4

[2012/08/18 20:51:43 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5d4f4779c480c7b648df17ee0a5b9507

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\dd8d6bb6ddcdcc18239f1028a6216c75

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\c30cfbd20141657fb59836e3bd235649

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\8549eeb01e449d20d25cff1fdba6436d

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\801977ed373ffccb45f01807de87f0e1

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\64c090bed29224996c7a2b2f698b3e88

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\64b72a9d2207a70ee6360592e81cd9df

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\4a378b3ac6d7c28c90ef50b17b212f7e

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\393ab65a2ad4cd06e6528963a83f6eea

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\33a548ff4679a31455ae5a518a1c6e5d

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\227339964313e9f48b0a4e5fab41dabf

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\0d0d6e01c659dc4a8d6e996cc4902894

[2012/08/18 20:51:41 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0557cefd925b89eb5ec96402ae2a2e7c

[2012/08/18 20:51:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\ef71c4c1cbacb115415f03e02a2fb903

[2012/08/18 20:51:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d3bcfe1bc88dd88654f763ce6c03216a

[2012/08/18 20:51:38 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\7b01a6d9513da3caeb9514abb450465c

[2012/08/18 20:51:38 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\16aa52898c04a7b8cf350a2add9c3ad1

[2012/08/18 20:51:28 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\cdc7cc3751bc6e22bea0e8166349ccd6

[2012/08/17 19:36:23 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 19:34:16 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e26.dat

[2012/08/17 19:33:54 | 000,000,050 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\9b36a6bdb229a02303036effa9f900e26.dat

[2012/08/17 19:29:39 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d568e4479ab3ed7891c07001dda8f1b5

[2012/08/17 19:27:52 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\a58c74fe9fbab4f284f50d2751b2cbea

[2012/08/17 19:20:14 | 000,138,671 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e20.dat

[2012/08/17 18:41:47 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\cf16528bdaf7bfd08ab675148dbdd112

[2012/08/17 18:41:27 | 000,138,669 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e20.dat

[2012/08/17 18:41:26 | 000,138,669 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\9b36a6bdb229a02303036effa9f900e20.dat

[2012/08/17 18:41:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\95ab9332092a5687bb3d4ce1f3e850ee

[2012/08/17 18:41:21 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\d92499a66ea930568b40de3c3243a830

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\e0d617a455a54a9472f6a371975341dd

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\cc89c335eb7c0d84ef19965012bb060c

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\cc6f6bfef50554821ce0c4093c641389

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\8fef396a99de7bee47c07de873eca1da

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\55a937be026cfba0420b8d9869c4fd99

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\259c32bd23b10821a0ee742256cb603d

[2012/08/17 18:41:20 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\0c88533a49406f51ec24a21a4ab68bf8

[2012/08/17 18:41:19 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\dc126139d20a4f02f01558b5f97aeae3

[2012/08/17 18:41:19 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\ae804465bbb1b27c6ad26f3011ed0270

[2012/08/17 18:41:19 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\76adbd82301b7205e6b6f6a39ffed2ac

[2012/08/17 18:41:19 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\6de163996acab8ea21b8700236a26829

[2012/08/17 18:41:19 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\496409f2231e77e9240957a56051191a

[2012/08/17 18:41:19 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\45cce9846cebec1bcf4b927b2d406292

[2012/08/17 18:41:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\f84b52fad026412ae5de880dde6a13f6

[2012/08/17 18:41:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f232b800712cb54cb085dd9a37032997

[2012/08/17 18:41:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\3229f8fedff5df2fccd227951851f033

[2012/08/17 18:41:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\90d646cdcfe18ddab6c3caa1672c512b

[2012/08/17 18:41:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\7339692ff3823cd3870195c20230e0db

[2012/08/17 18:41:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\4bb56bd4a920e0e5f57533ce82918e35

[2012/08/17 18:41:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\3d65b13443138a8d2115a07312c1f2c8

[2012/08/17 18:41:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\27276ea24662239303e2d691a55aca60

[2012/08/17 18:41:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\0ff15f836b89ee415edf14f0ad7fc073

[2012/08/17 18:41:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ab61c7e2f1e64f224b03c73452167892

[2012/08/17 18:41:16 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\12fbfbf9cb8316996e9d180c43c10513

[2012/08/17 18:41:14 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\3a6c92af6f8b6523a589e8503d9b0590

[2012/08/17 18:41:13 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:41:05 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f57544823663e6c703dcc0d9c701db51

[2012/08/17 18:41:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\dc7814954c30f739a31849bdf76d880d

[2012/08/17 18:41:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Application Data\e85f0cd7f332ad20a753f9bebd0e482c

[2012/08/17 18:41:02 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\da92dd2cba7a9ed61fca2c7002d78f12

[2012/08/17 18:40:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\f049b5ded2141e509185a6f7bff1d0ef

[2012/08/17 18:40:55 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\5f9c3847ba52776e84b0b6b4becac95d

[2012/08/17 18:40:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:40:54 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\LocalService\Application Data\352ee9500caa2b2fcaea5a3e2bc88b6c

[2012/08/17 18:40:40 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\304257f7c1a18e3895c699a39658ae3c

[2012/08/17 18:40:38 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6333e0a8a16a92fbc4c655dcc536469e

[2012/08/17 18:40:37 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\620825bded43322e950ba3a1f4700124

[2012/08/17 18:40:35 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\b687d3ee5f298a18da9f7bdde22def30

[2012/08/17 18:40:35 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:40:31 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\39f11e40a8e8d112e05be61aecb1806a

[2012/08/17 18:40:12 | 000,225,281 | RHS- | M] () -- C:\WINDOWS\9b36a6bdb229a02303036effa9f900e2.dll

[2012/08/17 18:39:28 | 000,319,488 | RHS- | M] (auréole radiodiffusé) -- C:\WINDOWS\Otho.Otho

[2012/08/17 18:39:28 | 000,319,488 | RHS- | M] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420.CtIiycX6

[2012/08/17 18:39:28 | 000,319,488 | RHS- | M] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d.CtIiycX6

[2012/08/17 18:39:28 | 000,319,488 | RHS- | M] (auréole radiodiffusé) -- C:\WINDOWS\Arturo Free.exe

[2012/08/17 18:39:28 | 000,319,488 | RHS- | M] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117.CtIiycX6

[2012/08/17 18:39:28 | 000,319,488 | ---- | M] (auréole radiodiffusé) -- C:\Program Files\update.exe

[2012/08/17 18:39:28 | 000,319,488 | ---- | M] (auréole radiodiffusé) -- C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2.CtIiycX6

[2012/08/15 11:49:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/08/15 11:49:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/08/15 11:49:44 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[2012/08/15 11:38:42 | 000,159,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/08/14 00:07:07 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk

[2012/08/08 12:51:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/08/08 12:51:18 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/22 19:30:24 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:24:21 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:24:21 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:24:12 | 000,000,050 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d29241176.dat

[2012/08/22 19:17:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\9f4c1be674ebe56b4f434f9f77a4561b

[2012/08/22 19:17:05 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\147d8c3789ee14c77699d0b5e0a1a052

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f84b52fad026412ae5de880dde6a13f6

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\df2d661c77998ccba7e18fd542f98b45

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ab61c7e2f1e64f224b03c73452167892

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\934f4abbab6af92c725178478b25c7b8

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\926f9bcd22717b521724be8131446b75

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\73a9d38ef9a0fef4970821d9c66bb3cc

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\6defaccaad5298a109effe1d8cba9ce9

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\69198bbdd8b69af79a39bd92f107ba06

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\5d7f16593c0abd39312e5540a30ce9e5

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\4ee2910c6e93cd3b420714e202326a00

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4e0e8ed409fd063b9e98afd604241934

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\347de3c3dd425e7da7948122465f2d40

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\2a4f5bf11519cdca143be251360499b1

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:17:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:16:50 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\352d0e8e824ffb76474f83d0e733591b

[2012/08/22 19:16:50 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34

[2012/08/22 19:16:43 | 000,225,281 | RHS- | C] () -- C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll

[2012/08/19 03:02:10 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\28cb4935e4fa116e4d993dbd81eb9092

[2012/08/19 03:02:07 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 03:01:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c30cfbd20141657fb59836e3bd235649

[2012/08/19 03:01:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5823939f16cfcbecfd23f5197e0176bb

[2012/08/19 03:01:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\fd35a36a189ce3427912b4760e4addb0

[2012/08/19 03:01:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\30e9bf4e0b4ba2a7f2b2d7a76f655de2

[2012/08/19 03:01:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\dc0cc643810f4e153d4ce7f3bd56dc0e

[2012/08/19 03:01:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\8360f05a91c20bb1dc1889906a222185

[2012/08/19 03:01:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\645574cfce3e08307d8197f565da9c35

[2012/08/19 03:01:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\496409f2231e77e9240957a56051191a

[2012/08/19 03:01:52 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\da07d4ffc5434e1f58f82e0f992a7eb5

[2012/08/19 03:01:52 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c0df10be9f50ad12a933ff4560b96a13

[2012/08/19 03:01:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\faf07b0b9b9e210e7ad5f1446683b616

[2012/08/19 03:01:50 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\8a2c8d49907d8ec14be6b3aa6e8c8f9f

[2012/08/19 03:01:50 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4b4babba8a6f536bfe8d29ce2db199f5

[2012/08/19 03:01:50 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\1ceb83085dd04393e8a87c9f54c515f1

[2012/08/19 03:01:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f4dbe8dc19117bf25913a6d5fe1d7d0a

[2012/08/19 03:01:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\64adc1392ec4b15bfe9ce49edc2185c4

[2012/08/19 03:01:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\49bfc4bc18da631e3b5dc6e4b6dd7ce6

[2012/08/19 03:01:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4594233480ce43aaa5d6b8c556256ced

[2012/08/19 03:01:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\21ed0578dbf1f61298caec230bc484e6

[2012/08/19 03:01:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c2f86d5a28373ce40a5db34f94b5a428

[2012/08/19 03:01:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a097bc014c309613370eff85238c6126

[2012/08/19 03:01:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\781ca566aac57cb4aeb6e0e77bdc0735

[2012/08/19 03:01:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\46ed79bc1441528ad96ffacdbad12413

[2012/08/19 03:01:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\dfb04da08d24c87dc94484a412cca02d

[2012/08/19 03:01:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a75caca53e69cc1384be9222a8bf7f81

[2012/08/19 03:01:46 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\2fcc20494bf032451a36c2c18e776b16

[2012/08/19 03:01:45 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b6f8f5f838c511513c4c6c45ec9586e9

[2012/08/19 03:01:45 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4e2f752bca6feb64f79d23665d78bb7e

[2012/08/19 03:01:45 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\1e36b7ef29793189682d1d1e2efce6e3

[2012/08/19 03:01:44 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\32771cb89e61d9693c638095761635eb

[2012/08/19 03:01:44 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\31cd0c81e0bb0c6cc0108fc2ab9311a6

[2012/08/19 03:01:44 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\2798cdeeb8068057cbc2abf7875f0cca

[2012/08/19 03:01:43 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d129cf256d7fc7684419f54f57be37ee

[2012/08/19 03:01:43 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6b36b1bd7d09b9695263d0ecb7410038

[2012/08/19 03:01:43 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\260534e2efe88455f5a6c709b7af5057

[2012/08/19 03:01:42 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\de34474e3edb7a193d4906fbc3868e5b

[2012/08/19 03:01:42 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\10e206d7a64f5d041700109f2cf82b0d

[2012/08/19 03:01:42 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0f7908b1f8b612ecd526d3f90fdf30ab

[2012/08/19 03:01:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\e0222f83289d6ff869cbca875894df70

[2012/08/19 03:01:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d21e991d3c9e257f24fbae17af6065b7

[2012/08/19 03:01:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5cb4d4e4794fcb643c5d6eece3d3fdf8

[2012/08/19 03:01:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0a9d6876f8dd1ce8bb0c1ec9b6955853

[2012/08/19 03:01:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b07d581d07410b9dd9a93f6bd44d5a1e

[2012/08/19 03:01:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\81f5f729d51a00edd733cb5a95f71297

[2012/08/19 03:01:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\506a5ebd19dba216badef59f075bdb15

[2012/08/19 03:01:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\3ae4a644c7595f5c024f6c9ca457867c

[2012/08/19 03:01:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\1bf9fd572caf7e2304ad2cdc41a76919

[2012/08/19 03:01:39 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c19839005eb9562c2130ea3a73cffa4e

[2012/08/19 03:01:39 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\7a5a98fa96fadbc4b102083b18f8412d

[2012/08/19 03:01:39 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\7525ad667a2e2d9a26996ff5752f3feb

[2012/08/19 03:01:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\fc6c1c86df93adae95c8c94258114e59

[2012/08/19 03:01:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\85883bff112391b3c7d3a52ee507e683

[2012/08/19 03:01:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\80229955c9d1683794855df906d551c9

[2012/08/19 03:01:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\2882b324099fa10fcafdff4838d7d0cd

[2012/08/19 03:01:37 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\62d7de070d41518862205e6cdc4e953f

[2012/08/19 03:01:35 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\280b82aad63635a35608d33967af4b98

[2012/08/19 03:01:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a71f491e61d784fd035e03b51c245448

[2012/08/19 03:01:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a18ccfc99b431318b2fb0b4a640879d0

[2012/08/19 03:01:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\06ccf9bf9bc77062472f85618a98c213

[2012/08/19 03:01:33 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ef1ecd849cf4ea7f2ffca5aa5d174201

[2012/08/19 03:01:33 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\74165034c7ea5637ff5e4000190045d4

[2012/08/19 03:01:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ee2cca46adfc1687a81363c9c75cf99d

[2012/08/19 03:01:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0fa64b159d4a374061383a90bc50b72d

[2012/08/19 03:01:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b16869873f3c13860f6bf3e12709d7b4

[2012/08/19 03:01:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a493bd2f30cd88e332b46f0249f34514

[2012/08/19 03:01:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\84ffab3cdd66e466db72a52613d64803

[2012/08/19 03:01:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\39aa46765871a13c25f3f04cc6f387f4

[2012/08/19 03:01:30 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\e4c95e25a6ea7d7a1563d655936c7cae

[2012/08/19 03:01:30 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a6b64013c13c1bf61a4a9a602c48976e

[2012/08/19 03:01:29 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\bd7253b162d6dffa0e361d98bfebe0be

[2012/08/19 03:01:27 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b74e7d0231e7f3fcbf9ca3c07c2260a3

[2012/08/19 03:01:27 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\683ad9dbb518e5fedae564a9990c2068

[2012/08/19 03:01:26 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\66f44f3e5e8bc7378c4bde73db8ee166

[2012/08/19 02:57:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f3521c735718601828fcdad03e1b9ae9

[2012/08/19 02:56:10 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 02:56:10 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 02:55:29 | 000,000,050 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat

[2012/08/19 02:50:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6df28a76cf0bf0b9da527de79d03b5f7

[2012/08/19 02:48:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\bbb0a8c3339eb3758535b967f1bc8de9

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\de0759fd1f7a4e0121389c73fb3aefb0

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\d709c5a490eb3bf1d63ff8692c8088ac

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\bfeab99caf35db9a648404c57fd81f73

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b9667eb90de4ab632ec33241a653de52

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\aa35ed505c9323f5a22b1af29e05fcee

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\91a9981ee1f8e30d6bf74418814db72d

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\7dbffbdc6b29740e12bf5c29262127e3

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\41993ebb1d3ce322c3fc15fd18cb9736

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\242abdbfbc2bee8832976da69c14bd36

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\1cd1d9fa890a021e5888aa4a8d69f9df

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\177fbaf0392e9e0463393d1f032d2f9c

[2012/08/19 02:48:24 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\14f51891e20d2e2e988d27084d67a853

[2012/08/19 02:48:23 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5d87c8334da399f859cd69edb470e448

[2012/08/19 02:48:18 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\f46cc8f918667bfe537112e1a8564d86

[2012/08/19 02:48:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b33a9a2ae063ddeda5eb2e58b9a781ab

[2012/08/19 02:48:18 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\694beb4668dce9c4bd2eb47d066c31a7

[2012/08/19 02:48:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\2385f65956d877ba843e06671059aa0e

[2012/08/19 02:48:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:08 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34

[2012/08/19 02:48:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\49fd3240b637aac6fa464fd68144be14

[2012/08/19 02:48:08 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\191075d114d903b7dfd32c537f5eac4c

[2012/08/19 02:48:02 | 000,225,281 | RHS- | C] () -- C:\WINDOWS\ef5aea7101bd807f1651418d4a5bd420.dll

[2012/08/19 02:28:07 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\73d0db30c2374a9c59ea927f4f713054

[2012/08/19 02:26:10 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\45d2cf71ab77e429b7ce77b7bf11947b

[2012/08/19 02:26:09 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\feaac1c81441513da9aaf1da9e65337e

[2012/08/19 02:26:09 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\71110d5e0818fec7014269f9e9f4c4fd

[2012/08/19 02:26:09 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\45a7aed7a82ed338b4e8619f60430960

[2012/08/19 02:26:08 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\87d87cd625f3bea66f35b45d48ad086f

[2012/08/19 02:26:08 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\7f810eb43f892b780950be5e686104d0

[2012/08/19 02:26:08 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\70029ca1b10954940ceea4db3dfe7fab

[2012/08/19 02:26:08 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\534e2c8cfb8d26f89a377058a21e09f9

[2012/08/19 02:26:07 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\80f5d3f8a1fcf7c412b6c7d8815a325e

[2012/08/19 02:26:06 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\fe2b5420d7a87483f5abf517be96ce35

[2012/08/19 02:26:06 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\81c4944d0b8d82cd40b6459642f3a081

[2012/08/19 02:26:05 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a6b989a5dccd0f9ac0b602ca97d9dd08

[2012/08/19 02:26:05 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a42295cf5b22a65248033ebb6623ed8d

[2012/08/19 02:26:05 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\9db4d6d9a00f28247eeabefbc2479c8e

[2012/08/19 02:26:05 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\8ba3e10351b4646d08b00f5ec3922d7c

[2012/08/19 02:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\deb760e31381d2bef610881286f9c5f7

[2012/08/19 02:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\304ed53f8d45ffbe40dc8a076cfc8e87

[2012/08/19 02:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0b9b818447d19f371dba1802e2d596e3

[2012/08/19 02:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\002aca0564dfd0e2b5ac2b467c0a314a

[2012/08/19 02:26:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\cab3e9153c2e330fa596d505ac046d45

[2012/08/19 02:26:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b6aacb0c97dee58a17375c575df8de37

[2012/08/19 02:26:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\29c36ad54dce8e8f0f2da2cd8f33bc03

[2012/08/19 02:26:02 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\e7c5212c68e6502380277b54f1ee4781

[2012/08/19 02:26:02 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\828aa84aa8e5429b180f475e31d81f2c

[2012/08/19 02:26:02 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\51f65182e14061f79ce5a94fe152478b

[2012/08/19 02:26:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\e30b602d9afd8874f6afd85b6e7d5f2a

[2012/08/19 02:26:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c5877927d035879b69a96aba0709122c

[2012/08/19 02:26:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\362884e76b5fc4c4f32da06155203cab

[2012/08/19 02:26:00 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\204f3d61b3f9103520e30019a5c6825f

[2012/08/19 02:25:59 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c708a0b1f61c9de633282f5e87e446e3

[2012/08/19 02:25:59 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5fe8c050cc10fe664f2df1c9e687ccd1

[2012/08/19 02:25:58 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d8b5a4984cf991d5e547c3f5931d3a6b

[2012/08/19 02:25:58 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\9f1a3b59713550dd460f838681f9ab2c

[2012/08/19 02:25:58 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\7ca47f8ef6dee15cb27759ece1bcd682

[2012/08/19 02:25:58 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\77e1e701370f6fb71dbb7e9f31173fe4

[2012/08/19 02:25:57 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b16a9c6c88c7f074a232bdea527aef3d

[2012/08/19 02:25:57 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\1b5aa6ec14d07ede8516864762505181

[2012/08/19 02:25:56 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c6f705f5c4ed2d97ece26ff1e032b9bc

[2012/08/19 02:25:56 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a067e50d6a6a25544ee30190e39dc07c

[2012/08/19 02:25:56 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\88fa111ff1c1d6d6fc0b3b95cb1267ae

[2012/08/19 02:25:56 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\639b364d24bf9f6b8c33ed5c615441de

[2012/08/19 02:25:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b748cf1218828640ffe869337769340b

[2012/08/19 02:25:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ac0b13fac7d93de774732888e4df3612

[2012/08/19 02:25:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\74d94d3edeb6c0187e9a3bfcb2fef0d8

[2012/08/19 02:25:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\563db75e85035e4475cd2c1feb1c5634

[2012/08/19 02:25:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f530f1b21f239a7cfd373a71b2f897ca

[2012/08/19 02:25:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b87d66cdfd133baa80b4724b265526c0

[2012/08/19 02:25:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6940ca1c53b3385069460dee7e8dc2e8

[2012/08/19 02:25:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\63d6f82bfd289c548d7cab2f4b21ad22

[2012/08/19 02:25:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c4fcf95fb00931f0bd9f5f2a601e6ecf

[2012/08/19 02:25:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\9b040191d8c010608c659cceab9a1b90

[2012/08/19 02:25:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\828e30832eb60a5d5bc7a30ddc8d6bf4

[2012/08/19 02:25:53 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5ae932b748c35f46b7f70880f867a9a4

[2012/08/19 02:25:52 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\2357eabc33f5767ff57b25de2392481d

[2012/08/19 02:25:50 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b6261bdaddc69a82be016f51fa665a14

[2012/08/19 02:25:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d9edf88be48794ac765695204b9cb9a1

[2012/08/19 02:25:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\c23faa05f64e153bdf892795fd8c8da0

[2012/08/19 02:25:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\97cc9e11b550f6f4eb489764b0f81531

[2012/08/19 02:25:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\468084797db769d9f7f8fb98316eb559

[2012/08/19 02:25:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\1de34842847e8d5c1418a69bed8aa6bf

[2012/08/19 02:25:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\8716055b75befbcf22ac26527969d773

[2012/08/19 02:25:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\495c59d0ce4d9f34c153f0dd312056ad

[2012/08/19 02:25:46 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\bdaaba47e3cacad7a367ec1648310082

[2012/08/19 02:25:46 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\1f91a8afcd0d40f17e0ecd1f46ec31e2

[2012/08/19 02:25:46 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0c0e67835cce4d4b780bcd6decc6a46d

[2012/08/19 02:25:45 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\cecb0faf1fe757d359e6c63e99c4d74a

[2012/08/19 02:25:45 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a0e50d2f1b9342d5befde230c0e76307

[2012/08/19 02:25:45 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4f042a61f2001ee7b827b86602b465c3

[2012/08/19 02:25:44 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\8d94d9afc7f5783caabdcaf9c273d18f

[2012/08/19 02:25:42 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b16d6f1010e333b65d9c165bc7f9fba0

[2012/08/19 02:25:42 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\3866cade6a7afddbbf4514495d32a13d

[2012/08/19 02:25:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6eb46832211eba7c250f618f518cc186

[2012/08/19 02:25:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f47a7aa4814556ded3ab7331bca050bb

[2012/08/19 02:11:14 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d49f32232776f1379a586132c0588e00

[2012/08/19 01:47:53 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-AFRC0.exe

[2012/08/19 01:47:53 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-AFRC0.msg

[2012/08/19 01:47:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\is-AFRC0.lst

[2012/08/18 23:41:43 | 091,802,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bdwy34s6.exe

[2012/08/18 23:39:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4dd364c2a921c39dc15cbaa8f4978390

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f751baa6fb376468dd1828c02640e791

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ceb80249ec84023818f746961df32d0c

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\b847bad93bc22d323fc0183a6e3f3c0c

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\ab61c7e2f1e64f224b03c73452167892

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\a21c3b113c8c95e51d35e4188560ef97

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\87748e649b69537668b333d0a4c93fe1

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\7a00b55842251ea4d8de3eea7b880e00

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\6bd7d8d2fccb8da9909f7b664a7c91fc

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\4200a7120ce5e18028c26b37d355fbe8

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\2caa7e2e654b1dad47e3ec68a30ceab5

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\10375bdb08fefd2076e8dc6400df8bc0

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\03ae6b5647d9f0c2c8a9ff07f4530739

[2012/08/18 23:39:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\035bfc8d78b63b8b340e3439771532e4

[2012/08/18 23:39:12 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\f84b52fad026412ae5de880dde6a13f6

[2012/08/18 23:39:03 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\3529826cadb7f69ed179e9aa049049fe

[2012/08/18 21:20:14 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-EOM93.exe

[2012/08/18 21:20:14 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-EOM93.msg

[2012/08/18 21:20:14 | 000,000,453 | ---- | C] () -- C:\WINDOWS\is-EOM93.lst

[2012/08/18 20:59:29 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/18 20:59:15 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/18 20:59:12 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/18 20:59:05 | 000,000,050 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat

[2012/08/18 20:52:21 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6449665402bac7997f637f990f1430bc

[2012/08/18 20:52:02 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\fff8d46acb74ae056e7d0b21e9e4afd4

[2012/08/18 20:51:43 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5d4f4779c480c7b648df17ee0a5b9507

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\dd8d6bb6ddcdcc18239f1028a6216c75

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\c30cfbd20141657fb59836e3bd235649

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\8549eeb01e449d20d25cff1fdba6436d

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\801977ed373ffccb45f01807de87f0e1

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\64c090bed29224996c7a2b2f698b3e88

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\64b72a9d2207a70ee6360592e81cd9df

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\4a378b3ac6d7c28c90ef50b17b212f7e

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\4159a670ff268bcfee79d7377c61ddc3

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\393ab65a2ad4cd06e6528963a83f6eea

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\33a548ff4679a31455ae5a518a1c6e5d

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\227339964313e9f48b0a4e5fab41dabf

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\0d0d6e01c659dc4a8d6e996cc4902894

[2012/08/18 20:51:41 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0557cefd925b89eb5ec96402ae2a2e7c

[2012/08/18 20:51:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ef71c4c1cbacb115415f03e02a2fb903

[2012/08/18 20:51:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/18 20:51:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/18 20:51:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d3bcfe1bc88dd88654f763ce6c03216a

[2012/08/18 20:51:38 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\7b01a6d9513da3caeb9514abb450465c

[2012/08/18 20:51:38 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\16aa52898c04a7b8cf350a2add9c3ad1

[2012/08/18 20:51:28 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34

[2012/08/18 20:51:28 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\cdc7cc3751bc6e22bea0e8166349ccd6

[2012/08/18 20:51:22 | 000,225,281 | RHS- | C] () -- C:\WINDOWS\ebf7c9f5882ce477a7e2ae21933ece9d.dll

[2012/08/17 19:29:39 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d568e4479ab3ed7891c07001dda8f1b5

[2012/08/17 19:27:52 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\a58c74fe9fbab4f284f50d2751b2cbea

[2012/08/17 18:49:14 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e26.dat

[2012/08/17 18:48:52 | 000,000,050 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\9b36a6bdb229a02303036effa9f900e26.dat

[2012/08/17 18:41:47 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\cf16528bdaf7bfd08ab675148dbdd112

[2012/08/17 18:41:27 | 000,138,671 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e20.dat

[2012/08/17 18:41:27 | 000,138,669 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e20.dat

[2012/08/17 18:41:26 | 000,138,669 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\9b36a6bdb229a02303036effa9f900e20.dat

[2012/08/17 18:41:22 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\95ab9332092a5687bb3d4ce1f3e850ee

[2012/08/17 18:41:21 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\d92499a66ea930568b40de3c3243a830

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\e0d617a455a54a9472f6a371975341dd

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\cc89c335eb7c0d84ef19965012bb060c

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\cc6f6bfef50554821ce0c4093c641389

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\8fef396a99de7bee47c07de873eca1da

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\55a937be026cfba0420b8d9869c4fd99

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\259c32bd23b10821a0ee742256cb603d

[2012/08/17 18:41:20 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\0c88533a49406f51ec24a21a4ab68bf8

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\dc126139d20a4f02f01558b5f97aeae3

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\ae804465bbb1b27c6ad26f3011ed0270

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\848bdf38bf8fd0acbb729a7468b0dce8

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\76adbd82301b7205e6b6f6a39ffed2ac

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\6de163996acab8ea21b8700236a26829

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\496409f2231e77e9240957a56051191a

[2012/08/17 18:41:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\45cce9846cebec1bcf4b927b2d406292

[2012/08/17 18:41:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\f84b52fad026412ae5de880dde6a13f6

[2012/08/17 18:41:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f232b800712cb54cb085dd9a37032997

[2012/08/17 18:41:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\3229f8fedff5df2fccd227951851f033

[2012/08/17 18:41:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\90d646cdcfe18ddab6c3caa1672c512b

[2012/08/17 18:41:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\7339692ff3823cd3870195c20230e0db

[2012/08/17 18:41:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\4bb56bd4a920e0e5f57533ce82918e35

[2012/08/17 18:41:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\3d65b13443138a8d2115a07312c1f2c8

[2012/08/17 18:41:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\27276ea24662239303e2d691a55aca60

[2012/08/17 18:41:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\0ff15f836b89ee415edf14f0ad7fc073

[2012/08/17 18:41:16 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\ab61c7e2f1e64f224b03c73452167892

[2012/08/17 18:41:16 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\12fbfbf9cb8316996e9d180c43c10513

[2012/08/17 18:41:14 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\3a6c92af6f8b6523a589e8503d9b0590

[2012/08/17 18:41:13 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:41:05 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f57544823663e6c703dcc0d9c701db51

[2012/08/17 18:41:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\dc7814954c30f739a31849bdf76d880d

[2012/08/17 18:41:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Application Data\e85f0cd7f332ad20a753f9bebd0e482c

[2012/08/17 18:41:02 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\da92dd2cba7a9ed61fca2c7002d78f12

[2012/08/17 18:40:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\f049b5ded2141e509185a6f7bff1d0ef

[2012/08/17 18:40:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\5f9c3847ba52776e84b0b6b4becac95d

[2012/08/17 18:40:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:40:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\352ee9500caa2b2fcaea5a3e2bc88b6c

[2012/08/17 18:40:40 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\304257f7c1a18e3895c699a39658ae3c

[2012/08/17 18:40:38 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6333e0a8a16a92fbc4c655dcc536469e

[2012/08/17 18:40:37 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\620825bded43322e950ba3a1f4700124

[2012/08/17 18:40:35 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\b687d3ee5f298a18da9f7bdde22def30

[2012/08/17 18:40:35 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:40:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34

[2012/08/17 18:40:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\39f11e40a8e8d112e05be61aecb1806a

[2012/08/17 18:40:12 | 000,225,281 | RHS- | C] () -- C:\WINDOWS\9b36a6bdb229a02303036effa9f900e2.dll

[2012/08/17 18:40:12 | 000,225,281 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Bartram.dll

[2012/08/08 12:51:18 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/08/08 12:51:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/06/09 21:12:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/09 20:22:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2012/04/25 13:39:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/14 20:41:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/19 00:12:13 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2012/01/18 23:01:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/12/07 01:20:23 | 000,028,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/11/29 13:54:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/29 13:54:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/29 13:54:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/29 13:54:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/29 13:54:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/11/29 13:27:50 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/11/28 15:06:53 | 000,013,618 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\5n80nt8p31r817

[2011/11/28 15:06:53 | 000,013,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5n80nt8p31r817

[2011/11/17 19:05:39 | 000,016,480 | R--- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2010/03/05 12:56:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/03/05 12:44:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/03/04 14:55:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/03/04 14:54:30 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 08:00:00 | 000,433,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 08:00:00 | 000,068,194 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2012/08/17 19:03:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Canon Easy-WebPrint EX

[2012/01/18 22:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2012/01/04 22:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX

[2012/04/24 02:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Design Science

[2012/08/17 18:40:03 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Owner\Application Data\Muhammad

[2011/11/17 22:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2012/05/07 00:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF

[2012/08/17 18:40:00 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Owner\Application Data\Yuma Willey

[2012/01/04 22:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool

[2012/01/04 22:25:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2012/01/04 22:37:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP

[2012/01/04 22:40:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2012/01/04 22:37:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2

[2012/01/04 22:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2012/01/18 22:38:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2012/01/04 22:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2011/11/29 13:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2011/12/07 00:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Start OTLPE as you did previously from CD

Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

fix.txt

Link to post
Share on other sites

Windows booted normally this time. OTL log below.

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Arturo Free deleted successfully.

C:\WINDOWS\Arturo Free.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Otho deleted successfully.

C:\WINDOWS\system32\cmd.exe moved successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Yuma Willey not found.

C:\Documents and Settings\Owner\Application Data\Yuma Willey\Yuma Willey.exe moved successfully.

Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Yuma Willey deleted successfully.

File C:\Documents and Settings\Owner\Application Data\Yuma Willey\Yuma Willey.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll deleted successfully.

C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll moved successfully.

C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117.CtIiycX6 moved successfully.

C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420.CtIiycX6 moved successfully.

C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d.CtIiycX6 moved successfully.

C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2.CtIiycX6 moved successfully.

C:\WINDOWS\Otho.Otho moved successfully.

C:\Documents and Settings\Owner\Application Data\Muhammad folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Yuma Willey folder moved successfully.

C:\Program Files\update.exe moved successfully.

C:\WINDOWS\Tonnie folder moved successfully.

C:\WINDOWS\Alvin Winthrop folder moved successfully.

C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d29241176.dat moved successfully.

C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d29241176.dat moved successfully.

C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 moved successfully.

C:\Documents and Settings\Owner\Application Data\9f4c1be674ebe56b4f434f9f77a4561b moved successfully.

C:\Documents and Settings\Owner\Application Data\147d8c3789ee14c77699d0b5e0a1a052 moved successfully.

C:\Documents and Settings\Owner\Application Data\f84b52fad026412ae5de880dde6a13f6 moved successfully.

C:\Documents and Settings\LocalService\Application Data\df2d661c77998ccba7e18fd542f98b45 moved successfully.

C:\Documents and Settings\Owner\Application Data\b9667eb90de4ab632ec33241a653de52 moved successfully.

C:\Documents and Settings\Owner\Application Data\ab61c7e2f1e64f224b03c73452167892 moved successfully.

C:\Documents and Settings\LocalService\Application Data\934f4abbab6af92c725178478b25c7b8 moved successfully.

C:\Documents and Settings\Owner\Application Data\926f9bcd22717b521724be8131446b75 moved successfully.

C:\Documents and Settings\LocalService\Application Data\73a9d38ef9a0fef4970821d9c66bb3cc moved successfully.

C:\Documents and Settings\LocalService\Application Data\6defaccaad5298a109effe1d8cba9ce9 moved successfully.

C:\Documents and Settings\LocalService\Application Data\69198bbdd8b69af79a39bd92f107ba06 moved successfully.

C:\Documents and Settings\LocalService\Application Data\5d7f16593c0abd39312e5540a30ce9e5 moved successfully.

C:\Documents and Settings\LocalService\Application Data\4ee2910c6e93cd3b420714e202326a00 moved successfully.

C:\Documents and Settings\Owner\Application Data\4e0e8ed409fd063b9e98afd604241934 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\347de3c3dd425e7da7948122465f2d40 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\2a4f5bf11519cdca143be251360499b1 moved successfully.

C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 moved successfully.

C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\352d0e8e824ffb76474f83d0e733591b moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 moved successfully.

File C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll not found.

C:\Documents and Settings\Owner\Application Data\Bartram.dll moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat moved successfully.

C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat moved successfully.

C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\28cb4935e4fa116e4d993dbd81eb9092 moved successfully.

C:\Documents and Settings\Owner\Application Data\c30cfbd20141657fb59836e3bd235649 moved successfully.

C:\Documents and Settings\Owner\Application Data\5823939f16cfcbecfd23f5197e0176bb moved successfully.

C:\Documents and Settings\Owner\Application Data\fd35a36a189ce3427912b4760e4addb0 moved successfully.

C:\Documents and Settings\Owner\Application Data\30e9bf4e0b4ba2a7f2b2d7a76f655de2 moved successfully.

C:\Documents and Settings\Owner\Application Data\dc0cc643810f4e153d4ce7f3bd56dc0e moved successfully.

C:\Documents and Settings\Owner\Application Data\8360f05a91c20bb1dc1889906a222185 moved successfully.

C:\Documents and Settings\Owner\Application Data\645574cfce3e08307d8197f565da9c35 moved successfully.

C:\Documents and Settings\Owner\Application Data\496409f2231e77e9240957a56051191a moved successfully.

C:\Documents and Settings\Owner\Application Data\da07d4ffc5434e1f58f82e0f992a7eb5 moved successfully.

C:\Documents and Settings\Owner\Application Data\c0df10be9f50ad12a933ff4560b96a13 moved successfully.

C:\Documents and Settings\Owner\Application Data\faf07b0b9b9e210e7ad5f1446683b616 moved successfully.

C:\Documents and Settings\Owner\Application Data\8a2c8d49907d8ec14be6b3aa6e8c8f9f moved successfully.

C:\Documents and Settings\Owner\Application Data\4b4babba8a6f536bfe8d29ce2db199f5 moved successfully.

C:\Documents and Settings\Owner\Application Data\1ceb83085dd04393e8a87c9f54c515f1 moved successfully.

C:\Documents and Settings\Owner\Application Data\f4dbe8dc19117bf25913a6d5fe1d7d0a moved successfully.

C:\Documents and Settings\Owner\Application Data\64adc1392ec4b15bfe9ce49edc2185c4 moved successfully.

C:\Documents and Settings\Owner\Application Data\49bfc4bc18da631e3b5dc6e4b6dd7ce6 moved successfully.

C:\Documents and Settings\Owner\Application Data\4594233480ce43aaa5d6b8c556256ced moved successfully.

C:\Documents and Settings\Owner\Application Data\21ed0578dbf1f61298caec230bc484e6 moved successfully.

C:\Documents and Settings\Owner\Application Data\c2f86d5a28373ce40a5db34f94b5a428 moved successfully.

C:\Documents and Settings\Owner\Application Data\a097bc014c309613370eff85238c6126 moved successfully.

C:\Documents and Settings\Owner\Application Data\781ca566aac57cb4aeb6e0e77bdc0735 moved successfully.

C:\Documents and Settings\Owner\Application Data\46ed79bc1441528ad96ffacdbad12413 moved successfully.

C:\Documents and Settings\Owner\Application Data\dfb04da08d24c87dc94484a412cca02d moved successfully.

C:\Documents and Settings\Owner\Application Data\a75caca53e69cc1384be9222a8bf7f81 moved successfully.

C:\Documents and Settings\Owner\Application Data\2fcc20494bf032451a36c2c18e776b16 moved successfully.

C:\Documents and Settings\Owner\Application Data\b6f8f5f838c511513c4c6c45ec9586e9 moved successfully.

C:\Documents and Settings\Owner\Application Data\4e2f752bca6feb64f79d23665d78bb7e moved successfully.

C:\Documents and Settings\Owner\Application Data\1e36b7ef29793189682d1d1e2efce6e3 moved successfully.

C:\Documents and Settings\Owner\Application Data\32771cb89e61d9693c638095761635eb moved successfully.

C:\Documents and Settings\Owner\Application Data\31cd0c81e0bb0c6cc0108fc2ab9311a6 moved successfully.

C:\Documents and Settings\Owner\Application Data\2798cdeeb8068057cbc2abf7875f0cca moved successfully.

C:\Documents and Settings\Owner\Application Data\d129cf256d7fc7684419f54f57be37ee moved successfully.

C:\Documents and Settings\Owner\Application Data\6b36b1bd7d09b9695263d0ecb7410038 moved successfully.

C:\Documents and Settings\Owner\Application Data\260534e2efe88455f5a6c709b7af5057 moved successfully.

C:\Documents and Settings\Owner\Application Data\de34474e3edb7a193d4906fbc3868e5b moved successfully.

C:\Documents and Settings\Owner\Application Data\10e206d7a64f5d041700109f2cf82b0d moved successfully.

C:\Documents and Settings\Owner\Application Data\0f7908b1f8b612ecd526d3f90fdf30ab moved successfully.

C:\Documents and Settings\Owner\Application Data\e0222f83289d6ff869cbca875894df70 moved successfully.

C:\Documents and Settings\Owner\Application Data\d21e991d3c9e257f24fbae17af6065b7 moved successfully.

C:\Documents and Settings\Owner\Application Data\5cb4d4e4794fcb643c5d6eece3d3fdf8 moved successfully.

C:\Documents and Settings\Owner\Application Data\0a9d6876f8dd1ce8bb0c1ec9b6955853 moved successfully.

C:\Documents and Settings\Owner\Application Data\b07d581d07410b9dd9a93f6bd44d5a1e moved successfully.

C:\Documents and Settings\Owner\Application Data\81f5f729d51a00edd733cb5a95f71297 moved successfully.

C:\Documents and Settings\Owner\Application Data\506a5ebd19dba216badef59f075bdb15 moved successfully.

C:\Documents and Settings\Owner\Application Data\3ae4a644c7595f5c024f6c9ca457867c moved successfully.

C:\Documents and Settings\Owner\Application Data\1bf9fd572caf7e2304ad2cdc41a76919 moved successfully.

C:\Documents and Settings\Owner\Application Data\c19839005eb9562c2130ea3a73cffa4e moved successfully.

C:\Documents and Settings\Owner\Application Data\7a5a98fa96fadbc4b102083b18f8412d moved successfully.

C:\Documents and Settings\Owner\Application Data\7525ad667a2e2d9a26996ff5752f3feb moved successfully.

C:\Documents and Settings\Owner\Application Data\fc6c1c86df93adae95c8c94258114e59 moved successfully.

C:\Documents and Settings\Owner\Application Data\85883bff112391b3c7d3a52ee507e683 moved successfully.

C:\Documents and Settings\Owner\Application Data\80229955c9d1683794855df906d551c9 moved successfully.

C:\Documents and Settings\Owner\Application Data\2882b324099fa10fcafdff4838d7d0cd moved successfully.

C:\Documents and Settings\Owner\Application Data\62d7de070d41518862205e6cdc4e953f moved successfully.

C:\Documents and Settings\Owner\Application Data\280b82aad63635a35608d33967af4b98 moved successfully.

C:\Documents and Settings\Owner\Application Data\a71f491e61d784fd035e03b51c245448 moved successfully.

C:\Documents and Settings\Owner\Application Data\a18ccfc99b431318b2fb0b4a640879d0 moved successfully.

C:\Documents and Settings\Owner\Application Data\06ccf9bf9bc77062472f85618a98c213 moved successfully.

C:\Documents and Settings\Owner\Application Data\ef1ecd849cf4ea7f2ffca5aa5d174201 moved successfully.

C:\Documents and Settings\Owner\Application Data\74165034c7ea5637ff5e4000190045d4 moved successfully.

C:\Documents and Settings\Owner\Application Data\ee2cca46adfc1687a81363c9c75cf99d moved successfully.

C:\Documents and Settings\Owner\Application Data\0fa64b159d4a374061383a90bc50b72d moved successfully.

C:\Documents and Settings\Owner\Application Data\b16869873f3c13860f6bf3e12709d7b4 moved successfully.

C:\Documents and Settings\Owner\Application Data\a493bd2f30cd88e332b46f0249f34514 moved successfully.

C:\Documents and Settings\Owner\Application Data\84ffab3cdd66e466db72a52613d64803 moved successfully.

C:\Documents and Settings\Owner\Application Data\39aa46765871a13c25f3f04cc6f387f4 moved successfully.

C:\Documents and Settings\Owner\Application Data\e4c95e25a6ea7d7a1563d655936c7cae moved successfully.

C:\Documents and Settings\Owner\Application Data\a6b64013c13c1bf61a4a9a602c48976e moved successfully.

C:\Documents and Settings\Owner\Application Data\bd7253b162d6dffa0e361d98bfebe0be moved successfully.

C:\Documents and Settings\Owner\Application Data\b74e7d0231e7f3fcbf9ca3c07c2260a3 moved successfully.

C:\Documents and Settings\Owner\Application Data\683ad9dbb518e5fedae564a9990c2068 moved successfully.

C:\Documents and Settings\Owner\Application Data\66f44f3e5e8bc7378c4bde73db8ee166 moved successfully.

C:\Documents and Settings\Owner\Application Data\f3521c735718601828fcdad03e1b9ae9 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34 moved successfully.

C:\Documents and Settings\Owner\Application Data\6df28a76cf0bf0b9da527de79d03b5f7 moved successfully.

C:\Documents and Settings\Owner\Application Data\bbb0a8c3339eb3758535b967f1bc8de9 moved successfully.

C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34 moved successfully.

C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34 moved successfully.

C:\Documents and Settings\LocalService\Application Data\de0759fd1f7a4e0121389c73fb3aefb0 moved successfully.

C:\Documents and Settings\LocalService\Application Data\d709c5a490eb3bf1d63ff8692c8088ac moved successfully.

C:\Documents and Settings\LocalService\Application Data\bfeab99caf35db9a648404c57fd81f73 moved successfully.

C:\Documents and Settings\LocalService\Application Data\aa35ed505c9323f5a22b1af29e05fcee moved successfully.

C:\Documents and Settings\LocalService\Application Data\91a9981ee1f8e30d6bf74418814db72d moved successfully.

C:\Documents and Settings\Owner\Application Data\848bdf38bf8fd0acbb729a7468b0dce8 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\7dbffbdc6b29740e12bf5c29262127e3 moved successfully.

C:\Documents and Settings\LocalService\Application Data\41993ebb1d3ce322c3fc15fd18cb9736 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\242abdbfbc2bee8832976da69c14bd36 moved successfully.

C:\Documents and Settings\LocalService\Application Data\1cd1d9fa890a021e5888aa4a8d69f9df moved successfully.

C:\Documents and Settings\Owner\Application Data\177fbaf0392e9e0463393d1f032d2f9c moved successfully.

C:\Documents and Settings\LocalService\Application Data\14f51891e20d2e2e988d27084d67a853 moved successfully.

C:\Documents and Settings\Owner\Application Data\5d87c8334da399f859cd69edb470e448 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\f46cc8f918667bfe537112e1a8564d86 moved successfully.

C:\Documents and Settings\Owner\Application Data\b33a9a2ae063ddeda5eb2e58b9a781ab moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\694beb4668dce9c4bd2eb47d066c31a7 moved successfully.

C:\Documents and Settings\Owner\Application Data\4159a670ff268bcfee79d7377c61ddc3 moved successfully.

C:\Documents and Settings\Owner\Application Data\2385f65956d877ba843e06671059aa0e moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\ef5aea7101bd807f1651418d4a5bd420O0Ko1u34 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\49fd3240b637aac6fa464fd68144be14 moved successfully.

C:\Documents and Settings\Owner\Application Data\191075d114d903b7dfd32c537f5eac4c moved successfully.

C:\WINDOWS\ef5aea7101bd807f1651418d4a5bd420.dll moved successfully.

C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34 moved successfully.

C:\Documents and Settings\LocalService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34 moved successfully.

C:\Documents and Settings\Owner\Application Data\73d0db30c2374a9c59ea927f4f713054 moved successfully.

C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat moved successfully.

C:\Documents and Settings\NetworkService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat moved successfully.

C:\Documents and Settings\LocalService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d6.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\45d2cf71ab77e429b7ce77b7bf11947b moved successfully.

C:\Documents and Settings\Owner\Application Data\feaac1c81441513da9aaf1da9e65337e moved successfully.

C:\Documents and Settings\Owner\Application Data\71110d5e0818fec7014269f9e9f4c4fd moved successfully.

C:\Documents and Settings\Owner\Application Data\45a7aed7a82ed338b4e8619f60430960 moved successfully.

C:\Documents and Settings\Owner\Application Data\87d87cd625f3bea66f35b45d48ad086f moved successfully.

C:\Documents and Settings\Owner\Application Data\7f810eb43f892b780950be5e686104d0 moved successfully.

C:\Documents and Settings\Owner\Application Data\70029ca1b10954940ceea4db3dfe7fab moved successfully.

C:\Documents and Settings\Owner\Application Data\534e2c8cfb8d26f89a377058a21e09f9 moved successfully.

C:\Documents and Settings\Owner\Application Data\80f5d3f8a1fcf7c412b6c7d8815a325e moved successfully.

C:\Documents and Settings\Owner\Application Data\fe2b5420d7a87483f5abf517be96ce35 moved successfully.

C:\Documents and Settings\Owner\Application Data\81c4944d0b8d82cd40b6459642f3a081 moved successfully.

C:\Documents and Settings\Owner\Application Data\a6b989a5dccd0f9ac0b602ca97d9dd08 moved successfully.

C:\Documents and Settings\Owner\Application Data\a42295cf5b22a65248033ebb6623ed8d moved successfully.

C:\Documents and Settings\Owner\Application Data\9db4d6d9a00f28247eeabefbc2479c8e moved successfully.

C:\Documents and Settings\Owner\Application Data\8ba3e10351b4646d08b00f5ec3922d7c moved successfully.

C:\Documents and Settings\Owner\Application Data\deb760e31381d2bef610881286f9c5f7 moved successfully.

C:\Documents and Settings\Owner\Application Data\304ed53f8d45ffbe40dc8a076cfc8e87 moved successfully.

C:\Documents and Settings\Owner\Application Data\0b9b818447d19f371dba1802e2d596e3 moved successfully.

C:\Documents and Settings\Owner\Application Data\002aca0564dfd0e2b5ac2b467c0a314a moved successfully.

C:\Documents and Settings\Owner\Application Data\cab3e9153c2e330fa596d505ac046d45 moved successfully.

C:\Documents and Settings\Owner\Application Data\b6aacb0c97dee58a17375c575df8de37 moved successfully.

C:\Documents and Settings\Owner\Application Data\29c36ad54dce8e8f0f2da2cd8f33bc03 moved successfully.

C:\Documents and Settings\Owner\Application Data\e7c5212c68e6502380277b54f1ee4781 moved successfully.

C:\Documents and Settings\Owner\Application Data\828aa84aa8e5429b180f475e31d81f2c moved successfully.

C:\Documents and Settings\Owner\Application Data\51f65182e14061f79ce5a94fe152478b moved successfully.

C:\Documents and Settings\Owner\Application Data\e30b602d9afd8874f6afd85b6e7d5f2a moved successfully.

C:\Documents and Settings\Owner\Application Data\c5877927d035879b69a96aba0709122c moved successfully.

C:\Documents and Settings\Owner\Application Data\362884e76b5fc4c4f32da06155203cab moved successfully.

C:\Documents and Settings\Owner\Application Data\204f3d61b3f9103520e30019a5c6825f moved successfully.

C:\Documents and Settings\Owner\Application Data\c708a0b1f61c9de633282f5e87e446e3 moved successfully.

C:\Documents and Settings\Owner\Application Data\5fe8c050cc10fe664f2df1c9e687ccd1 moved successfully.

C:\Documents and Settings\Owner\Application Data\d8b5a4984cf991d5e547c3f5931d3a6b moved successfully.

C:\Documents and Settings\Owner\Application Data\9f1a3b59713550dd460f838681f9ab2c moved successfully.

C:\Documents and Settings\Owner\Application Data\7ca47f8ef6dee15cb27759ece1bcd682 moved successfully.

C:\Documents and Settings\Owner\Application Data\77e1e701370f6fb71dbb7e9f31173fe4 moved successfully.

C:\Documents and Settings\Owner\Application Data\b16a9c6c88c7f074a232bdea527aef3d moved successfully.

C:\Documents and Settings\Owner\Application Data\1b5aa6ec14d07ede8516864762505181 moved successfully.

C:\Documents and Settings\Owner\Application Data\c6f705f5c4ed2d97ece26ff1e032b9bc moved successfully.

C:\Documents and Settings\Owner\Application Data\a067e50d6a6a25544ee30190e39dc07c moved successfully.

C:\Documents and Settings\Owner\Application Data\88fa111ff1c1d6d6fc0b3b95cb1267ae moved successfully.

C:\Documents and Settings\Owner\Application Data\639b364d24bf9f6b8c33ed5c615441de moved successfully.

C:\Documents and Settings\Owner\Application Data\b748cf1218828640ffe869337769340b moved successfully.

C:\Documents and Settings\Owner\Application Data\ac0b13fac7d93de774732888e4df3612 moved successfully.

C:\Documents and Settings\Owner\Application Data\74d94d3edeb6c0187e9a3bfcb2fef0d8 moved successfully.

C:\Documents and Settings\Owner\Application Data\563db75e85035e4475cd2c1feb1c5634 moved successfully.

C:\Documents and Settings\Owner\Application Data\f530f1b21f239a7cfd373a71b2f897ca moved successfully.

C:\Documents and Settings\Owner\Application Data\b87d66cdfd133baa80b4724b265526c0 moved successfully.

C:\Documents and Settings\Owner\Application Data\6940ca1c53b3385069460dee7e8dc2e8 moved successfully.

C:\Documents and Settings\Owner\Application Data\63d6f82bfd289c548d7cab2f4b21ad22 moved successfully.

C:\Documents and Settings\Owner\Application Data\c4fcf95fb00931f0bd9f5f2a601e6ecf moved successfully.

C:\Documents and Settings\Owner\Application Data\9b040191d8c010608c659cceab9a1b90 moved successfully.

C:\Documents and Settings\Owner\Application Data\828e30832eb60a5d5bc7a30ddc8d6bf4 moved successfully.

C:\Documents and Settings\Owner\Application Data\5ae932b748c35f46b7f70880f867a9a4 moved successfully.

C:\Documents and Settings\Owner\Application Data\2357eabc33f5767ff57b25de2392481d moved successfully.

C:\Documents and Settings\Owner\Application Data\b6261bdaddc69a82be016f51fa665a14 moved successfully.

C:\Documents and Settings\Owner\Application Data\d9edf88be48794ac765695204b9cb9a1 moved successfully.

C:\Documents and Settings\Owner\Application Data\c23faa05f64e153bdf892795fd8c8da0 moved successfully.

C:\Documents and Settings\Owner\Application Data\97cc9e11b550f6f4eb489764b0f81531 moved successfully.

C:\Documents and Settings\Owner\Application Data\468084797db769d9f7f8fb98316eb559 moved successfully.

C:\Documents and Settings\Owner\Application Data\1de34842847e8d5c1418a69bed8aa6bf moved successfully.

C:\Documents and Settings\Owner\Application Data\8716055b75befbcf22ac26527969d773 moved successfully.

C:\Documents and Settings\Owner\Application Data\495c59d0ce4d9f34c153f0dd312056ad moved successfully.

C:\Documents and Settings\Owner\Application Data\bdaaba47e3cacad7a367ec1648310082 moved successfully.

C:\Documents and Settings\Owner\Application Data\1f91a8afcd0d40f17e0ecd1f46ec31e2 moved successfully.

C:\Documents and Settings\Owner\Application Data\0c0e67835cce4d4b780bcd6decc6a46d moved successfully.

C:\Documents and Settings\Owner\Application Data\cecb0faf1fe757d359e6c63e99c4d74a moved successfully.

C:\Documents and Settings\Owner\Application Data\a0e50d2f1b9342d5befde230c0e76307 moved successfully.

C:\Documents and Settings\Owner\Application Data\4f042a61f2001ee7b827b86602b465c3 moved successfully.

C:\Documents and Settings\Owner\Application Data\8d94d9afc7f5783caabdcaf9c273d18f moved successfully.

C:\Documents and Settings\Owner\Application Data\b16d6f1010e333b65d9c165bc7f9fba0 moved successfully.

C:\Documents and Settings\Owner\Application Data\3866cade6a7afddbbf4514495d32a13d moved successfully.

C:\Documents and Settings\Owner\Application Data\6eb46832211eba7c250f618f518cc186 moved successfully.

C:\Documents and Settings\Owner\Application Data\f47a7aa4814556ded3ab7331bca050bb moved successfully.

C:\Documents and Settings\Owner\Application Data\d49f32232776f1379a586132c0588e00 moved successfully.

C:\Documents and Settings\Owner\Application Data\4dd364c2a921c39dc15cbaa8f4978390 moved successfully.

C:\Documents and Settings\Owner\Application Data\f751baa6fb376468dd1828c02640e791 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34 moved successfully.

C:\Documents and Settings\Owner\Application Data\ceb80249ec84023818f746961df32d0c moved successfully.

C:\Documents and Settings\LocalService\Application Data\b847bad93bc22d323fc0183a6e3f3c0c moved successfully.

C:\Documents and Settings\LocalService\Application Data\ab61c7e2f1e64f224b03c73452167892 moved successfully.

C:\Documents and Settings\LocalService\Application Data\a21c3b113c8c95e51d35e4188560ef97 moved successfully.

C:\Documents and Settings\Owner\Application Data\87748e649b69537668b333d0a4c93fe1 moved successfully.

C:\Documents and Settings\LocalService\Application Data\7a00b55842251ea4d8de3eea7b880e00 moved successfully.

C:\Documents and Settings\LocalService\Application Data\6bd7d8d2fccb8da9909f7b664a7c91fc moved successfully.

C:\Documents and Settings\LocalService\Application Data\4200a7120ce5e18028c26b37d355fbe8 moved successfully.

C:\Documents and Settings\LocalService\Application Data\2caa7e2e654b1dad47e3ec68a30ceab5 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\10375bdb08fefd2076e8dc6400df8bc0 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\03ae6b5647d9f0c2c8a9ff07f4530739 moved successfully.

C:\Documents and Settings\LocalService\Application Data\035bfc8d78b63b8b340e3439771532e4 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\f84b52fad026412ae5de880dde6a13f6 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\ebf7c9f5882ce477a7e2ae21933ece9dO0Ko1u34 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\3529826cadb7f69ed179e9aa049049fe moved successfully.

C:\WINDOWS\ebf7c9f5882ce477a7e2ae21933ece9d.dll moved successfully.

C:\Documents and Settings\Owner\Application Data\fff8d46acb74ae056e7d0b21e9e4afd4 moved successfully.

C:\Documents and Settings\Owner\Application Data\5d4f4779c480c7b648df17ee0a5b9507 moved successfully.

C:\Documents and Settings\LocalService\Application Data\dd8d6bb6ddcdcc18239f1028a6216c75 moved successfully.

C:\Documents and Settings\LocalService\Application Data\c30cfbd20141657fb59836e3bd235649 moved successfully.

C:\Documents and Settings\LocalService\Application Data\8549eeb01e449d20d25cff1fdba6436d moved successfully.

C:\Documents and Settings\LocalService\Application Data\801977ed373ffccb45f01807de87f0e1 moved successfully.

C:\Documents and Settings\LocalService\Application Data\64c090bed29224996c7a2b2f698b3e88 moved successfully.

C:\Documents and Settings\LocalService\Application Data\64b72a9d2207a70ee6360592e81cd9df moved successfully.

C:\Documents and Settings\LocalService\Application Data\4a378b3ac6d7c28c90ef50b17b212f7e moved successfully.

C:\Documents and Settings\LocalService\Application Data\393ab65a2ad4cd06e6528963a83f6eea moved successfully.

C:\Documents and Settings\LocalService\Application Data\33a548ff4679a31455ae5a518a1c6e5d moved successfully.

C:\Documents and Settings\Owner\Application Data\227339964313e9f48b0a4e5fab41dabf moved successfully.

C:\Documents and Settings\NetworkService\Application Data\0d0d6e01c659dc4a8d6e996cc4902894 moved successfully.

C:\Documents and Settings\Owner\Application Data\0557cefd925b89eb5ec96402ae2a2e7c moved successfully.

C:\Documents and Settings\NetworkService\Application Data\ef71c4c1cbacb115415f03e02a2fb903 moved successfully.

C:\Documents and Settings\Owner\Application Data\d3bcfe1bc88dd88654f763ce6c03216a moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\7b01a6d9513da3caeb9514abb450465c moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\16aa52898c04a7b8cf350a2add9c3ad1 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\cdc7cc3751bc6e22bea0e8166349ccd6 moved successfully.

C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e26.dat moved successfully.

C:\Documents and Settings\LocalService\Application Data\9b36a6bdb229a02303036effa9f900e26.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\d568e4479ab3ed7891c07001dda8f1b5 moved successfully.

C:\Documents and Settings\Owner\Application Data\a58c74fe9fbab4f284f50d2751b2cbea moved successfully.

C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e20.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\cf16528bdaf7bfd08ab675148dbdd112 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e20.dat moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\9b36a6bdb229a02303036effa9f900e20.dat moved successfully.

C:\Documents and Settings\Owner\Application Data\95ab9332092a5687bb3d4ce1f3e850ee moved successfully.

C:\Documents and Settings\Owner\Application Data\d92499a66ea930568b40de3c3243a830 moved successfully.

C:\Documents and Settings\Owner\Application Data\e0d617a455a54a9472f6a371975341dd moved successfully.

C:\Documents and Settings\Owner\Application Data\cc89c335eb7c0d84ef19965012bb060c moved successfully.

C:\Documents and Settings\Owner\Application Data\cc6f6bfef50554821ce0c4093c641389 moved successfully.

C:\Documents and Settings\Owner\Application Data\8fef396a99de7bee47c07de873eca1da moved successfully.

C:\Documents and Settings\LocalService\Application Data\55a937be026cfba0420b8d9869c4fd99 moved successfully.

C:\Documents and Settings\Owner\Application Data\259c32bd23b10821a0ee742256cb603d moved successfully.

C:\Documents and Settings\LocalService\Application Data\0c88533a49406f51ec24a21a4ab68bf8 moved successfully.

C:\Documents and Settings\LocalService\Application Data\dc126139d20a4f02f01558b5f97aeae3 moved successfully.

C:\Documents and Settings\Owner\Application Data\ae804465bbb1b27c6ad26f3011ed0270 moved successfully.

C:\Documents and Settings\Owner\Application Data\76adbd82301b7205e6b6f6a39ffed2ac moved successfully.

C:\Documents and Settings\LocalService\Application Data\6de163996acab8ea21b8700236a26829 moved successfully.

C:\Documents and Settings\LocalService\Application Data\496409f2231e77e9240957a56051191a moved successfully.

C:\Documents and Settings\Owner\Application Data\45cce9846cebec1bcf4b927b2d406292 moved successfully.

C:\Documents and Settings\LocalService\Application Data\f84b52fad026412ae5de880dde6a13f6 moved successfully.

C:\Documents and Settings\Owner\Application Data\f232b800712cb54cb085dd9a37032997 moved successfully.

C:\Documents and Settings\LocalService\Application Data\3229f8fedff5df2fccd227951851f033 moved successfully.

C:\Documents and Settings\Owner\Application Data\90d646cdcfe18ddab6c3caa1672c512b moved successfully.

C:\Documents and Settings\LocalService\Application Data\7339692ff3823cd3870195c20230e0db moved successfully.

C:\Documents and Settings\LocalService\Application Data\4bb56bd4a920e0e5f57533ce82918e35 moved successfully.

C:\Documents and Settings\Owner\Application Data\3d65b13443138a8d2115a07312c1f2c8 moved successfully.

C:\Documents and Settings\LocalService\Application Data\27276ea24662239303e2d691a55aca60 moved successfully.

C:\Documents and Settings\Owner\Application Data\0ff15f836b89ee415edf14f0ad7fc073 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\ab61c7e2f1e64f224b03c73452167892 moved successfully.

C:\Documents and Settings\Owner\Application Data\12fbfbf9cb8316996e9d180c43c10513 moved successfully.

C:\Documents and Settings\LocalService\Application Data\3a6c92af6f8b6523a589e8503d9b0590 moved successfully.

C:\Documents and Settings\NetworkService\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34 moved successfully.

C:\Documents and Settings\Owner\Application Data\f57544823663e6c703dcc0d9c701db51 moved successfully.

C:\Documents and Settings\Owner\Application Data\dc7814954c30f739a31849bdf76d880d moved successfully.

C:\Documents and Settings\NetworkService\Application Data\e85f0cd7f332ad20a753f9bebd0e482c moved successfully.

C:\Documents and Settings\Owner\Application Data\da92dd2cba7a9ed61fca2c7002d78f12 moved successfully.

C:\Documents and Settings\Owner\Application Data\f049b5ded2141e509185a6f7bff1d0ef moved successfully.

C:\Documents and Settings\Owner\Application Data\5f9c3847ba52776e84b0b6b4becac95d moved successfully.

C:\Documents and Settings\LocalService\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34 moved successfully.

C:\Documents and Settings\LocalService\Application Data\352ee9500caa2b2fcaea5a3e2bc88b6c moved successfully.

C:\Documents and Settings\Owner\Application Data\304257f7c1a18e3895c699a39658ae3c moved successfully.

C:\Documents and Settings\Owner\Application Data\6333e0a8a16a92fbc4c655dcc536469e moved successfully.

C:\Documents and Settings\Owner\Application Data\620825bded43322e950ba3a1f4700124 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\b687d3ee5f298a18da9f7bdde22def30 moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\9b36a6bdb229a02303036effa9f900e2O0Ko1u34 moved successfully.

C:\Documents and Settings\Owner\Application Data\39f11e40a8e8d112e05be61aecb1806a moved successfully.

C:\WINDOWS\9b36a6bdb229a02303036effa9f900e2.dll moved successfully.

File C:\WINDOWS\Otho.Otho not found.

File C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd420.CtIiycX6 not found.

File C:\Documents and Settings\Owner\Application Data\ebf7c9f5882ce477a7e2ae21933ece9d.CtIiycX6 not found.

File C:\WINDOWS\Arturo Free.exe not found.

File C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117.CtIiycX6 not found.

File C:\Program Files\update.exe not found.

File C:\Documents and Settings\Owner\Application Data\9b36a6bdb229a02303036effa9f900e2.CtIiycX6 not found.

File C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat not found.

File C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d29241176.dat not found.

File C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d29241176.dat not found.

File C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d29241176.dat not found.

File C:\Documents and Settings\Owner\Application Data\9f4c1be674ebe56b4f434f9f77a4561b not found.

File C:\Documents and Settings\Owner\Application Data\147d8c3789ee14c77699d0b5e0a1a052 not found.

File C:\Documents and Settings\Owner\Application Data\f84b52fad026412ae5de880dde6a13f6 not found.

File C:\Documents and Settings\LocalService\Application Data\df2d661c77998ccba7e18fd542f98b45 not found.

File C:\Documents and Settings\Owner\Application Data\ab61c7e2f1e64f224b03c73452167892 not found.

File C:\Documents and Settings\LocalService\Application Data\934f4abbab6af92c725178478b25c7b8 not found.

File C:\Documents and Settings\Owner\Application Data\926f9bcd22717b521724be8131446b75 not found.

File C:\Documents and Settings\LocalService\Application Data\73a9d38ef9a0fef4970821d9c66bb3cc not found.

File C:\Documents and Settings\LocalService\Application Data\6defaccaad5298a109effe1d8cba9ce9 not found.

File C:\Documents and Settings\LocalService\Application Data\69198bbdd8b69af79a39bd92f107ba06 not found.

File C:\Documents and Settings\LocalService\Application Data\5d7f16593c0abd39312e5540a30ce9e5 not found.

File C:\Documents and Settings\LocalService\Application Data\4ee2910c6e93cd3b420714e202326a00 not found.

File C:\Documents and Settings\Owner\Application Data\4e0e8ed409fd063b9e98afd604241934 not found.

File C:\Documents and Settings\NetworkService\Application Data\347de3c3dd425e7da7948122465f2d40 not found.

File C:\Documents and Settings\NetworkService\Application Data\2a4f5bf11519cdca143be251360499b1 not found.

File C:\Documents and Settings\Owner\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 not found.

File C:\Documents and Settings\NetworkService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 not found.

File C:\Documents and Settings\LocalService\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 not found.

File C:\WINDOWS\system32\config\systemprofile\Application Data\352d0e8e824ffb76474f83d0e733591b not found.

File C:\WINDOWS\system32\config\systemprofile\Application Data\0dd9520fd5828df1cddedd00d2924117O0Ko1u34 not found.

File C:\WINDOWS\0dd9520fd5828df1cddedd00d2924117.dll not found.

File C:\Documents and Settings\Owner\Application Data\28cb4935e4fa116e4d993dbd81eb9092 not found.

File C:\Documents and Settings\NetworkService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat not found.

File C:\Documents and Settings\Owner\Application Data\c30cfbd20141657fb59836e3bd235649 not found.

File C:\Documents and Settings\Owner\Application Data\5823939f16cfcbecfd23f5197e0176bb not found.

File C:\Documents and Settings\Owner\Application Data\fd35a36a189ce3427912b4760e4addb0 not found.

File C:\Documents and Settings\Owner\Application Data\30e9bf4e0b4ba2a7f2b2d7a76f655de2 not found.

File C:\Documents and Settings\Owner\Application Data\dc0cc643810f4e153d4ce7f3bd56dc0e not found.

File C:\Documents and Settings\Owner\Application Data\8360f05a91c20bb1dc1889906a222185 not found.

File C:\Documents and Settings\Owner\Application Data\645574cfce3e08307d8197f565da9c35 not found.

File C:\Documents and Settings\Owner\Application Data\496409f2231e77e9240957a56051191a not found.

File C:\Documents and Settings\Owner\Application Data\da07d4ffc5434e1f58f82e0f992a7eb5 not found.

File C:\Documents and Settings\Owner\Application Data\c0df10be9f50ad12a933ff4560b96a13 not found.

File C:\Documents and Settings\Owner\Application Data\faf07b0b9b9e210e7ad5f1446683b616 not found.

File C:\Documents and Settings\Owner\Application Data\8a2c8d49907d8ec14be6b3aa6e8c8f9f not found.

File C:\Documents and Settings\Owner\Application Data\4b4babba8a6f536bfe8d29ce2db199f5 not found.

File C:\Documents and Settings\Owner\Application Data\1ceb83085dd04393e8a87c9f54c515f1 not found.

File C:\Documents and Settings\Owner\Application Data\f4dbe8dc19117bf25913a6d5fe1d7d0a not found.

File C:\Documents and Settings\Owner\Application Data\64adc1392ec4b15bfe9ce49edc2185c4 not found.

File C:\Documents and Settings\Owner\Application Data\49bfc4bc18da631e3b5dc6e4b6dd7ce6 not found.

File C:\Documents and Settings\Owner\Application Data\4594233480ce43aaa5d6b8c556256ced not found.

File C:\Documents and Settings\Owner\Application Data\21ed0578dbf1f61298caec230bc484e6 not found.

File C:\Documents and Settings\Owner\Application Data\c2f86d5a28373ce40a5db34f94b5a428 not found.

File C:\Documents and Settings\Owner\Application Data\a097bc014c309613370eff85238c6126 not found.

File C:\Documents and Settings\Owner\Application Data\781ca566aac57cb4aeb6e0e77bdc0735 not found.

File C:\Documents and Settings\Owner\Application Data\46ed79bc1441528ad96ffacdbad12413 not found.

File C:\Documents and Settings\Owner\Application Data\dfb04da08d24c87dc94484a412cca02d not found.

File C:\Documents and Settings\Owner\Application Data\a75caca53e69cc1384be9222a8bf7f81 not found.

File C:\Documents and Settings\Owner\Application Data\2fcc20494bf032451a36c2c18e776b16 not found.

File C:\Documents and Settings\Owner\Application Data\b6f8f5f838c511513c4c6c45ec9586e9 not found.

File C:\Documents and Settings\Owner\Application Data\4e2f752bca6feb64f79d23665d78bb7e not found.

File C:\Documents and Settings\Owner\Application Data\1e36b7ef29793189682d1d1e2efce6e3 not found.

File C:\Documents and Settings\Owner\Application Data\32771cb89e61d9693c638095761635eb not found.

File C:\Documents and Settings\Owner\Application Data\31cd0c81e0bb0c6cc0108fc2ab9311a6 not found.

File C:\Documents and Settings\Owner\Application Data\2798cdeeb8068057cbc2abf7875f0cca not found.

File C:\Documents and Settings\Owner\Application Data\d129cf256d7fc7684419f54f57be37ee not found.

File C:\Documents and Settings\Owner\Application Data\6b36b1bd7d09b9695263d0ecb7410038 not found.

File C:\Documents and Settings\Owner\Application Data\260534e2efe88455f5a6c709b7af5057 not found.

File C:\Documents and Settings\Owner\Application Data\de34474e3edb7a193d4906fbc3868e5b not found.

File C:\Documents and Settings\Owner\Application Data\10e206d7a64f5d041700109f2cf82b0d not found.

File C:\Documents and Settings\Owner\Application Data\0f7908b1f8b612ecd526d3f90fdf30ab not found.

File C:\Documents and Settings\Owner\Application Data\e0222f83289d6ff869cbca875894df70 not found.

File C:\Documents and Settings\Owner\Application Data\d21e991d3c9e257f24fbae17af6065b7 not found.

File C:\Documents and Settings\Owner\Application Data\5cb4d4e4794fcb643c5d6eece3d3fdf8 not found.

File C:\Documents and Settings\Owner\Application Data\0a9d6876f8dd1ce8bb0c1ec9b6955853 not found.

File C:\Documents and Settings\Owner\Application Data\b07d581d07410b9dd9a93f6bd44d5a1e not found.

File C:\Documents and Settings\Owner\Application Data\81f5f729d51a00edd733cb5a95f71297 not found.

File C:\Documents and Settings\Owner\Application Data\506a5ebd19dba216badef59f075bdb15 not found.

File C:\Documents and Settings\Owner\Application Data\3ae4a644c7595f5c024f6c9ca457867c not found.

File C:\Documents and Settings\Owner\Application Data\1bf9fd572caf7e2304ad2cdc41a76919 not found.

File C:\Documents and Settings\Owner\Application Data\c19839005eb9562c2130ea3a73cffa4e not found.

File C:\Documents and Settings\Owner\Application Data\7a5a98fa96fadbc4b102083b18f8412d not found.

File C:\Documents and Settings\Owner\Application Data\7525ad667a2e2d9a26996ff5752f3feb not found.

File C:\Documents and Settings\Owner\Application Data\fc6c1c86df93adae95c8c94258114e59 not found.

File C:\Documents and Settings\Owner\Application Data\85883bff112391b3c7d3a52ee507e683 not found.

File C:\Documents and Settings\Owner\Application Data\80229955c9d1683794855df906d551c9 not found.

File C:\Documents and Settings\Owner\Application Data\2882b324099fa10fcafdff4838d7d0cd not found.

File C:\Documents and Settings\Owner\Application Data\62d7de070d41518862205e6cdc4e953f not found.

File C:\Documents and Settings\Owner\Application Data\280b82aad63635a35608d33967af4b98 not found.

File C:\Documents and Settings\Owner\Application Data\a71f491e61d784fd035e03b51c245448 not found.

File C:\Documents and Settings\Owner\Application Data\a18ccfc99b431318b2fb0b4a640879d0 not found.

File C:\Documents and Settings\Owner\Application Data\06ccf9bf9bc77062472f85618a98c213 not found.

File C:\Documents and Settings\Owner\Application Data\ef1ecd849cf4ea7f2ffca5aa5d174201 not found.

File C:\Documents and Settings\Owner\Application Data\74165034c7ea5637ff5e4000190045d4 not found.

File C:\Documents and Settings\Owner\Application Data\ee2cca46adfc1687a81363c9c75cf99d not found.

File C:\Documents and Settings\Owner\Application Data\0fa64b159d4a374061383a90bc50b72d not found.

File C:\Documents and Settings\Owner\Application Data\b16869873f3c13860f6bf3e12709d7b4 not found.

File C:\Documents and Settings\Owner\Application Data\a493bd2f30cd88e332b46f0249f34514 not found.

File C:\Documents and Settings\Owner\Application Data\84ffab3cdd66e466db72a52613d64803 not found.

File C:\Documents and Settings\Owner\Application Data\39aa46765871a13c25f3f04cc6f387f4 not found.

File C:\Documents and Settings\Owner\Application Data\e4c95e25a6ea7d7a1563d655936c7cae not found.

File C:\Documents and Settings\Owner\Application Data\a6b64013c13c1bf61a4a9a602c48976e not found.

File C:\Documents and Settings\Owner\Application Data\bd7253b162d6dffa0e361d98bfebe0be not found.

File C:\Documents and Settings\Owner\Application Data\b74e7d0231e7f3fcbf9ca3c07c2260a3 not found.

File C:\Documents and Settings\Owner\Application Data\683ad9dbb518e5fedae564a9990c2068 not found.

File C:\Documents and Settings\Owner\Application Data\66f44f3e5e8bc7378c4bde73db8ee166 not found.

File C:\Documents and Settings\Owner\Application Data\f3521c735718601828fcdad03e1b9ae9 not found.

File C:\Documents and Settings\Owner\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat not found.

File C:\Documents and Settings\LocalService\Application Data\ef5aea7101bd807f1651418d4a5bd4206.dat not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

C:\cmd.bat deleted successfully.

C:\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 16786 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

->Temp folder emptied: 300787239 bytes

->Temporary Internet Files folder emptied: 29973951 bytes

->Java cache emptied: 2968765 bytes

->FireFox cache emptied: 147392495 bytes

->Flash cache emptied: 25147 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 3207991 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 462.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 08242012_134431

Link to post
Share on other sites

That's awesome! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

ComboFix is failing to run properly. It finishes all of the extractions, but never makes it to the scan stage. When the install/run progress bar gets about 90% of the way across, it stops progressing. No "Program Not Responding" message. I left it going for about an hour on that step, and when I came back, it was still in the same place, so I force quit. I tried restarting, but it didn't work. I'll check around elsewhere to see if I can find a solution, but if you have any ideas, please let me know. Thanks.

Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.30.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: OWNER-9BFD2C27C [administrator]

Protection: Enabled

8/30/2012 9:58:19 AM

mbam-log-2012-08-30 (09-58-19).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 259547

Time elapsed: 39 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-01 16:51:49

-----------------------------

16:51:49.578 OS Version: Windows 5.1.2600 Service Pack 3

16:51:49.578 Number of processors: 2 586 0xE08

16:51:49.578 ComputerName: OWNER-9BFD2C27C UserName: Owner

16:51:55.984 Initialize success

17:05:05.187 AVAST engine defs: 12090101

19:05:16.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

19:05:16.000 Disk 0 Vendor: FUJITSU_MHV2100AT_PL 000000A0 Size: 95396MB BusType: 3

19:05:16.015 Disk 0 MBR read successfully

19:05:16.015 Disk 0 MBR scan

19:05:16.109 Disk 0 Windows XP default MBR code

19:05:16.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63

19:05:16.109 Disk 0 scanning sectors +195366465

19:05:16.187 Disk 0 scanning C:\WINDOWS\system32\drivers

19:05:24.984 Service scanning

19:05:42.500 Modules scanning

19:05:50.296 Disk 0 trace - called modules:

19:05:50.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

19:05:50.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823c9030]

19:05:50.375 3 CLASSPNP.SYS[f84b5fd7] -> nt!IofCallDriver -> \Device\0000007a[0x823cc300]

19:05:50.390 5 ACPI.sys[f834c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x82383d98]

19:05:51.000 AVAST engine scan C:\WINDOWS

19:06:06.531 AVAST engine scan C:\WINDOWS\system32

19:08:39.046 AVAST engine scan C:\WINDOWS\system32\drivers

19:08:52.437 AVAST engine scan C:\Documents and Settings\Owner

19:13:35.703 AVAST engine scan C:\Documents and Settings\All Users

19:13:53.421 Scan finished successfully

19:15:42.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

19:15:42.296 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Link to post
Share on other sites

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

OTL logfile created on: 9/3/2012 11:15:20 AM - Run 1

OTL by OldTimer - Version 3.2.60.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.93 Mb Total Physical Memory | 320.64 Mb Available Physical Memory | 63.88% Memory free

1.02 Gb Paging File | 0.70 Gb Available in Paging File | 68.15% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.16 Gb Total Space | 58.71 Gb Free Space | 63.02% Space Free | Partition Type: NTFS

Computer Name: OWNER-9BFD2C27C | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/03 11:03:35 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/17 00:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe

PRC - [2012/06/17 00:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe

PRC - [2009/01/09 21:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/01/09 20:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/02/28 15:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll

MOD - [2008/07/29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2004/08/10 05:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/08/15 08:49:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 17:59:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/17 00:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/06/17 00:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV - [2006/10/29 08:16:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/10/29 08:15:22 | 004,249,088 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2006/10/29 08:12:48 | 000,307,968 | R--- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/10/29 08:12:48 | 000,051,328 | R--- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/10/29 08:12:18 | 001,428,480 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)

DRV - [2005/11/16 18:03:34 | 001,122,688 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/05/11 19:47:56 | 000,371,712 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

DRV - [2004/01/17 04:15:20 | 000,004,864 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)

DRV - [2001/08/01 05:00:22 | 000,005,248 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:13464

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:13464

IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:4240

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 17:59:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/17 21:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2012/05/03 08:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\564hbrb7.default\extensions

[2011/11/17 21:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/27 17:59:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/04 20:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/04 20:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/29 11:20:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-725345543-113007714-682003330-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-725345543-113007714-682003330-1003..\Run: [Muhammad] cmd.exe /c C:\Documents and Settings\Owner\Application Data\Muhammad\Muhammad.Muhammad File not found

O4 - HKU\S-1-5-21-725345543-113007714-682003330-1003..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-725345543-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-725345543-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-725345543-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F18631E-3B7E-442B-9688-924EAB7FD8C9}: DhcpNameServer = 208.67.222.222 208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0EF6510-4DCF-4DD1-9D44-EDB04B3C0BAD}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/05 09:52:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 11:03:33 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/09/01 15:26:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2012/08/29 09:00:44 | 004,739,810 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2012/08/25 10:23:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos

[2012/08/25 10:22:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/08/24 10:44:31 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/08/23 12:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CI513 files

[2012/08/22 19:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead

[2012/08/22 19:09:34 | 000,000,000 | R--D | C] -- C:\Sandbox

[2012/08/22 19:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie

[2012/08/22 19:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie

[2012/08/19 10:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MovingToANewHome

[2012/08/18 20:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb

[2012/08/18 09:23:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\System Volume Information

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\History

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies

[2012/08/18 09:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies

[2012/08/08 09:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/08/08 09:50:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/03 11:03:35 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/09/03 08:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/09/01 19:15:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2012/09/01 15:27:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2012/08/30 09:53:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/08/30 09:53:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/08/30 09:51:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/29 09:01:08 | 004,739,810 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2012/08/27 11:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/08/25 10:55:56 | 000,001,492 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini

[2012/08/23 00:14:08 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk

[2012/08/22 19:08:57 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sandboxed Web Browser.lnk

[2012/08/22 19:08:57 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk

[2012/08/19 11:00:10 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/19 10:46:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/18 23:58:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/08/18 22:47:53 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-AFRC0.exe

[2012/08/18 22:47:53 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-AFRC0.msg

[2012/08/18 22:47:53 | 000,000,438 | ---- | M] () -- C:\WINDOWS\is-AFRC0.lst

[2012/08/18 18:20:14 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-EOM93.exe

[2012/08/18 18:20:14 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-EOM93.msg

[2012/08/18 18:20:14 | 000,000,453 | ---- | M] () -- C:\WINDOWS\is-EOM93.lst

[2012/08/18 17:52:21 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6449665402bac7997f637f990f1430bc

[2012/08/15 08:38:42 | 000,159,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/08/08 09:51:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/01 19:15:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2012/08/30 09:51:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/22 19:09:07 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sandboxed Web Browser.lnk

[2012/08/22 19:09:07 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk

[2012/08/22 19:09:05 | 000,001,492 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini

[2012/08/18 22:47:53 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-AFRC0.exe

[2012/08/18 22:47:53 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-AFRC0.msg

[2012/08/18 22:47:53 | 000,000,438 | ---- | C] () -- C:\WINDOWS\is-AFRC0.lst

[2012/08/18 18:20:14 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-EOM93.exe

[2012/08/18 18:20:14 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-EOM93.msg

[2012/08/18 18:20:14 | 000,000,453 | ---- | C] () -- C:\WINDOWS\is-EOM93.lst

[2012/08/18 17:52:21 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6449665402bac7997f637f990f1430bc

[2012/08/08 09:51:18 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/08/08 09:51:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/06/09 18:12:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/09 17:22:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2012/04/25 10:39:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/14 17:41:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/18 21:12:13 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2012/01/18 20:01:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/12/06 22:20:23 | 000,028,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/11/29 10:54:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/29 10:54:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/29 10:54:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/29 10:54:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/29 10:54:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/11/29 10:27:50 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/11/28 12:06:53 | 000,013,618 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\5n80nt8p31r817

[2011/11/28 12:06:53 | 000,013,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5n80nt8p31r817

[2011/11/17 16:05:39 | 000,016,480 | R--- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2011/02/09 21:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2004/08/10 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{0ef6e669-e3f7-3402-da38-b5ab9cd23fba}\@

[2004/08/10 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{0ef6e669-e3f7-3402-da38-b5ab9cd23fba}\@

========== LOP Check ==========

[2012/01/04 19:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool

[2012/01/04 19:25:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2012/01/04 19:37:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP

[2012/01/04 19:40:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2012/01/04 19:37:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2

[2012/01/04 19:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2012/01/18 19:38:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2012/01/04 19:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2011/11/29 10:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2011/12/06 21:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/01/18 19:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2012/01/04 19:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX

[2012/04/23 23:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Design Science

[2011/11/17 19:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2012/05/06 21:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 9/3/2012 11:15:20 AM - Run 1

OTL by OldTimer - Version 3.2.60.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.93 Mb Total Physical Memory | 320.64 Mb Available Physical Memory | 63.88% Memory free

1.02 Gb Paging File | 0.70 Gb Available in Paging File | 68.15% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.16 Gb Total Space | 58.71 Gb Free Space | 63.02% Space Free | Partition Type: NTFS

Computer Name: OWNER-9BFD2C27C | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-725345543-113007714-682003330-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{55A960A6-0CAC-4EBB-9D7E-199545391033}" = Nero 7 Essentials

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Canon MP495 series User Registration" = Canon MP495 series User Registration

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"DSMT6" = MathType 6

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"Sandboxie" = Sandboxie 3.72 (32-bit)

"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Photoelectric Effect" = Photoelectric Effect

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/17/2012 10:46:55 AM | Computer Name = OWNER-9BFD2C27C | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2000

Error - 8/17/2012 1:17:05 PM | Computer Name = OWNER-9BFD2C27C | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/17/2012 1:17:05 PM | Computer Name = OWNER-9BFD2C27C | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2031

Error - 8/17/2012 1:17:05 PM | Computer Name = OWNER-9BFD2C27C | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2031

Error - 8/25/2012 2:50:55 PM | Computer Name = OWNER-9BFD2C27C | Source = Application Hang | ID = 1002

Description = Hanging application ComboFix.exe, version 12.8.25.4, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2012 2:52:54 PM | Computer Name = OWNER-9BFD2C27C | Source = Application Hang | ID = 1002

Description = Hanging application ComboFix.exe, version 12.8.25.4, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2012 3:09:58 PM | Computer Name = OWNER-9BFD2C27C | Source = Application Error | ID = 1000

Description = Faulting application combofix.exe, version 12.8.25.4, faulting module

unknown, version 0.0.0.0, fault address 0x01491225.

Error - 8/25/2012 3:10:20 PM | Computer Name = OWNER-9BFD2C27C | Source = Application Error | ID = 1001

Description = Fault bucket -1167518743.

Error - 8/25/2012 3:51:59 PM | Computer Name = OWNER-9BFD2C27C | Source = Application Hang | ID = 1002

Description = Hanging application ComboFix.exe, version 12.8.25.4, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2012 12:11:18 PM | Computer Name = OWNER-9BFD2C27C | Source = Application Hang | ID = 1002

Description = Hanging application ComboFix.exe, version 12.8.28.3, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 8/29/2012 12:04:38 PM | Computer Name = OWNER-9BFD2C27C | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm

Error - 8/29/2012 12:04:38 PM | Computer Name = OWNER-9BFD2C27C | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 8/29/2012 12:08:52 PM | Computer Name = OWNER-9BFD2C27C | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/29/2012 12:10:11 PM | Computer Name = OWNER-9BFD2C27C | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 8/30/2012 12:54:07 PM | Computer Name = OWNER-9BFD2C27C | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 8/30/2012 12:54:16 PM | Computer Name = OWNER-9BFD2C27C | Source = System Error | ID = 1003

Description = Error code 1000008e, parameter1 c0000005, parameter2 bf80e7de, parameter3

f7821d38, parameter4 00000000.

Error - 9/1/2012 6:46:04 PM | Computer Name = OWNER-9BFD2C27C | Source = SideBySide | ID = 16842810

Description = Syntax error in manifest or policy file "C:\WINDOWS\system32\SHELL32.dll"

on line 0.

Error - 9/1/2012 6:46:04 PM | Computer Name = OWNER-9BFD2C27C | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.

Reference

error message: The operation completed successfully. .

Error - 9/3/2012 12:38:09 PM | Computer Name = OWNER-9BFD2C27C | Source = SideBySide | ID = 16842810

Description = Syntax error in manifest or policy file "C:\WINDOWS\system32\SHELL32.dll"

on line 0.

Error - 9/3/2012 12:38:09 PM | Computer Name = OWNER-9BFD2C27C | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.

Reference

error message: The operation completed successfully. .

< End of report >

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:13464
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:13464
    IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKU\S-1-5-21-725345543-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:4240
    O4 - HKU\S-1-5-21-725345543-113007714-682003330-1003..\Run: [Muhammad] cmd.exe /c C:\Documents and Settings\Owner\Application Data\Muhammad\Muhammad.Muhammad File not found
    [2012/08/18 17:52:21 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\6449665402bac7997f637f990f1430bc
    [2011/11/28 12:06:53 | 000,013,618 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\5n80nt8p31r817
    [2011/11/28 12:06:53 | 000,013,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5n80nt8p31r817
    [2004/08/10 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{0ef6e669-e3f7-3402-da38-b5ab9cd23fba}\@
    [2004/08/10 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{0ef6e669-e3f7-3402-da38-b5ab9cd23fba}\@

    :files
    C:\Documents and Settings\Owner\Application Data\Muhammad
    C:\WINDOWS\Installer\{0ef6e669-e3f7-3402-da38-b5ab9cd23fba}
    C:\Documents and Settings\Owner\Local Settings\Application Data\{0ef6e669-e3f7-3402-da38-b5ab9cd23fba}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.