Trojan-Dropper.win32.zaccess.gh on winxp pro sp3

[computer_is_dave]

Hi, I'd really appreciate some help (and patience) from someone, please   (whenever you're available to help..no rush)

 

A little bit of backstory..

I managed to download trojan-dropper.win32.zaccess.gh  which installed to the temp folder in documents and settings. I tried to follow a removal guide but couldn't find any of the files or registry keys associated with it. Initially, there was no sign of anything wrong other than zone alarm alerting me to its presence, and security software being disabled.

 

I tried countless antivirus tools and malware removal programs but nothing would run (in normal boot or safe mode) even with the program names changed.

I was also unable to boot from a recovery disk (kaspersky or windows) and ended up formatting and reinstalling windows, which wouldn't activate with the numbers generated by the wizard, (but did with the product key and an agent on the phone..not sure if that's significant).

 

After formatting it seemed ok . "Console" had disappeared from users "client name" in task manager, and an "FBW" folder had gone from documents and settings. MBAM was now working ok.

 

So I tried to see if anything was still infecting it ..better late than never?

I ran Kaspersky TDSS Killer (which worked) and flagged a suspicious object

"TDSS File system-Physical drive\device\harddisk0\DR0". (I did nothing with it as I am unsure)

 

I then ran MBAM which flagged "Documents and settings\ JaneDoe\ local settings\ temporary internet files\ content.ie5\ G1SVY7KD\ checktbexist(1).exe and then removed it.

A repeat scan by MBAM is currently showing nothing suspicious.

 

I tried to install Kaspersky security scan but got the error "1406- coould not write value Enable self protection to key\ software\ kasperskylab\ KSS2\ settings"

Now I'm a little worried that the format may not have removed everything. There were a lot of files that were changed by the trojan.. it ran riot over everything. I wasn't very happy about formatting but it didn't seem like I had much choice.

 

Would you please have a look at the DDS logs and tell me if I should be worried about anything still on there?   (Wifi is working, it was stopped for the scan)  Many thanks for your time.

JD (and Dave)

 

 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jane Doe at 16:17:15 on 2013-08-05
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1207 [GMT 1:00]
.
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.

BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\zonealarmTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - c:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe


SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jane doe\application data\mozilla\firefox\profiles\bfezthlf.default\
FF - plugin: c:\documents and settings\jane doe\application data\mozilla\firefox\profiles\bfezthlf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-05 03:34; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2013-08-05 03:36; {1fc895a6-2042-46ec-a61b-233165b4c218}; c:\documents and settings\jane doe\application data\mozilla\firefox\profiles\bfezthlf.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi
FF - ExtSQL: 2013-08-05 03:37; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\jane doe\application data\mozilla\firefox\profiles\bfezthlf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-05 04:00; anttoolbar@ant.com; c:\documents and settings\jane doe\application data\mozilla\firefox\profiles\bfezthlf.default\extensions\anttoolbar@ant.com
FF - ExtSQL: 2013-08-05 14:58; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\jane doe\application data\mozilla\firefox\profiles\bfezthlf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2013-8-4 136024]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-8-4 586584]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-6-19 527976]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-4 418376]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-6-18 54160]
R3 DualCoreCenter;DualCoreCenter;c:\program files\msi\dualcorecenter\NTGLM7X.sys [2013-8-4 28160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-4 22856]
R3 RushTopDevice2;RushTopDevice2;c:\program files\msi\dualcorecenter\RushTop.sys [2013-8-4 51200]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-4 701512]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2013-8-5 231040]
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2013-8-5 299904]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2013-8-5 7680]
.
=============== Created Last 30 ================
.
2013-08-05 13:58:58    --------    d-----w-    c:\documents and settings\jane doe\application data\QuickScan
2013-08-05 11:34:24    --------    d-----w-    c:\program files\Nero
2013-08-05 11:34:00    --------    d-----w-    c:\documents and settings\all users\application data\Nero
2013-08-05 10:41:17    --------    d-----w-    c:\windows\ie8updates
2013-08-05 10:22:50    --------    d-----w-    c:\program files\Windows Media Connect 2
2013-08-05 10:20:20    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2013-08-05 10:20:19    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2013-08-05 10:20:19    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2013-08-05 10:20:19    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2013-08-05 10:20:18    630272    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2013-08-05 10:20:17    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2013-08-05 10:20:17    2005504    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2013-08-05 10:20:17    11112960    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2013-08-05 10:18:44    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2013-08-05 10:18:44    12928    -c----w-    c:\windows\system32\dllcache\usb8023.sys
2013-08-05 10:18:07    290560    -c----w-    c:\windows\system32\dllcache\atmfd.dll
2013-08-05 10:17:19    139784    -c----w-    c:\windows\system32\dllcache\rdpwd.sys
2013-08-05 10:15:30    3072    -c----w-    c:\windows\system32\dllcache\iacenc.dll
2013-08-05 10:15:30    3072    ------w-    c:\windows\system32\iacenc.dll
2013-08-05 10:13:43    456320    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2013-08-05 10:13:40    10496    -c----w-    c:\windows\system32\dllcache\ndistapi.sys
2013-08-05 10:13:15    105472    -c----w-    c:\windows\system32\dllcache\mup.sys
2013-08-05 10:11:03    40960    -c----w-    c:\windows\system32\dllcache\ndproxy.sys
2013-08-05 10:10:49    45568    -c----w-    c:\windows\system32\dllcache\wab.exe
2013-08-05 10:10:39    590848    -c----w-    c:\windows\system32\dllcache\rpcrt4.dll
2013-08-05 10:10:25    978944    -c----w-    c:\windows\system32\dllcache\mfc42.dll
2013-08-05 10:10:25    953856    -c----w-    c:\windows\system32\dllcache\mfc40u.dll
2013-08-05 10:10:06    617472    -c----w-    c:\windows\system32\dllcache\comctl32.dll
2013-08-05 10:09:24    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2013-08-05 10:08:59    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2013-08-05 10:07:02    81920    -c----w-    c:\windows\system32\dllcache\fontsub.dll
2013-08-05 10:07:02    119808    -c----w-    c:\windows\system32\dllcache\t2embed.dll
2013-08-05 10:05:18    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2013-08-05 10:02:37    272128    -c----w-    c:\windows\system32\dllcache\bthport.sys
2013-08-05 10:02:34    203136    -c----w-    c:\windows\system32\dllcache\rmcast.sys
2013-08-05 09:55:29    --------    d-----w-    c:\windows\system32\PreInstall
2013-08-05 09:50:16    22040    ----a-w-    c:\windows\system32\wucltui.dll.mui
2013-08-05 09:50:16    17944    ----a-w-    c:\windows\system32\wuaueng.dll.mui
2013-08-05 09:50:16    15384    ----a-w-    c:\windows\system32\wuaucpl.cpl.mui
2013-08-05 09:50:16    15384    ----a-w-    c:\windows\system32\wuapi.dll.mui
2013-08-05 09:50:16    --------    d-----w-    c:\windows\system32\SoftwareDistribution
2013-08-05 03:20:57    --------    d-----w-    c:\documents and settings\jane doe\application data\DDMSettings
2013-08-05 03:06:24    --------    d-----w-    c:\program files\AnvSoft
2013-08-05 02:44:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-05 02:44:41    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-05 02:43:35    --------    d-----w-    c:\documents and settings\jane doe\local settings\application data\Adobe
2013-08-05 02:33:32    --------    d-----w-    c:\program files\common files\DivX Shared
2013-08-05 02:32:27    --------    d-----w-    c:\program files\DivX
2013-08-05 02:31:20    --------    d-----w-    c:\documents and settings\all users\application data\DivX
2013-08-05 02:20:13    299904    ----a-r-    c:\windows\system32\drivers\MRVW225.sys
2013-08-05 02:14:20    231040    ----a-r-    c:\windows\system32\drivers\MRVW23B.sys
2013-08-05 02:10:16    73728    ----a-w-    c:\windows\system32\ISUSPM.cpl
2013-08-05 02:10:16    213936    ----a-w-    c:\program files\common files\installshield\updateservice\ISUSPM.exe
2013-08-05 02:10:16    --------    d-----w-    c:\program files\Customer
2013-08-05 02:10:14    86960    ----a-w-    c:\program files\common files\installshield\updateservice\issch.exe
2013-08-05 02:10:14    865200    ----a-w-    c:\program files\common files\installshield\updateservice\agent.exe
2013-08-05 02:10:14    393216    ----a-w-    c:\program files\common files\installshield\updateservice\_isusres.dll
2013-08-05 02:10:14    368640    ----a-w-    c:\program files\common files\installshield\updateservice\_ispmres.dll
2013-08-05 02:10:14    283568    ----a-w-    c:\program files\common files\installshield\updateservice\ISDM.exe
2013-08-05 01:44:20    --------    d-----w-    c:\program files\Marvell
2013-08-05 01:07:17    --------    d-----w-    c:\windows\system32\appmgmt
2013-08-05 01:02:03    442368    ----a-w-    c:\windows\system32\nvudisp.exe
2013-08-05 01:02:03    --------    d-----w-    c:\windows\nview
2013-08-05 01:01:20    729088    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2013-08-05 01:01:20    69715    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2013-08-05 01:01:20    5632    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2013-08-05 01:01:20    266240    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2013-08-05 01:01:20    192512    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2013-08-05 01:01:14    188548    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2013-08-05 01:01:13    311428    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2013-08-05 01:00:57    --------    d-----w-    c:\program files\Setup Files
2013-08-05 00:56:21    11832    ----a-w-    c:\windows\acpimof.dll
2013-08-05 00:03:59    86016    ------w-    c:\windows\system32\mdmxsdk.dll
2013-08-05 00:01:42    --------    d-----w-    c:\windows\ServicePackFiles
2013-08-05 00:01:20    294912    ------w-    c:\program files\windows media player\dlimport.exe
2013-08-05 00:01:15    294912    -c----w-    c:\windows\system32\dllcache\dlimport.exe
2013-08-04 23:57:15    19569    ----a-w-    c:\windows\003145_.tmp
2013-08-04 23:12:38    --------    d-----w-    c:\windows\system32\LogFiles
2013-08-04 23:08:09    --------    d-sh--w-    c:\documents and settings\jane doe\PrivacIE
2013-08-04 23:06:19    --------    d-sh--w-    c:\documents and settings\jane doe\IETldCache
2013-08-04 23:02:25    --------    dc-h--w-    c:\windows\ie8
2013-08-04 22:43:50    --------    d-----w-    c:\documents and settings\jane doe\local settings\application data\Mozilla
2013-08-04 22:43:36    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-08-04 22:11:59    136024    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-08-04 22:11:56    74584    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-08-04 22:00:02    --------    d-----w-    c:\documents and settings\jane doe\application data\Check Point Software Technologies LTD
2013-08-04 21:59:20    --------    d-----w-    c:\windows\Internet Logs
2013-08-04 21:57:34    --------    d-----w-    c:\windows\system32\XPSViewer
2013-08-04 21:57:19    28160    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-08-04 21:57:12    14048    ------w-    c:\windows\system32\spmsg2.dll
2013-08-04 21:55:05    --------    d-----w-    c:\program files\MSXML 6.0
2013-08-04 21:45:18    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2013-08-04 21:45:02    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2013-08-04 21:39:49    --------    d-sh--w-    c:\documents and settings\jane doe\UserData
2013-08-04 21:30:01    --------    d-----w-    c:\windows\system32\ReinstallBackups
2013-08-04 21:29:45    --------    d-----w-    C:\Intel
.
==================== Find3M  ====================
.
2013-08-04 20:40:37    315392    ----a-w-    c:\windows\HideWin.exe
2013-06-07 22:55:44    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56:06    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 09:50:12    76872    ----a-w-    c:\windows\system32\RtNicProp32.dll
2013-05-15 09:50:12    403912    ----a-w-    c:\windows\system32\drivers\Rtenicxp.sys
2013-05-15 09:50:12    101448    ----a-w-    c:\windows\system32\RTNUninst32.dll
.
============= FINISH: 16:19:55.20 ===============
 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04/08/2013 20:46:31
System Uptime: 05/08/2013 15:54:28 (1 hours ago)
.
Motherboard: MSI |  | MS-7267
Processor:               Intel® Pentium® D CPU 2.80GHz | CPU 1 | 2793/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 220.9 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 802.11g/b Wireless LAN Client Adapter - USB
Device ID: USB\VID_1286&PID_1FAB\5&17BDD7FE&0&3
Manufacturer: Customer
Name: 802.11g/b Wireless LAN Client Adapter - USB
PNP Device ID: USB\VID_1286&PID_1FAB\5&17BDD7FE&0&3
Service: MRVW225
.
==== System Restore Points ===================
.
RP1: 04/08/2013 20:53:37 - System Checkpoint
RP2: 04/08/2013 21:40:42 - Installed Realtek High Definition Audio Driver
RP3: 04/08/2013 21:49:26 - Installed Windows XP KB943232.
RP4: 04/08/2013 22:55:13 - Installed Windows XP WIC.
RP5: 04/08/2013 22:57:12 - Installed %1 %2.
RP6: 04/08/2013 22:57:16 - Printer Driver Microsoft XPS Document Writer Installed
RP7: 04/08/2013 22:58:33 - Installed Windows XP KB943232.
RP8: 04/08/2013 23:51:12 - Installed Windows XP KB932823-v3.
RP9: 04/08/2013 23:57:17 - Installed Windows XP KB932823-v3.
RP10: 05/08/2013 00:03:14 - Installed Windows Internet Explorer 8.
RP11: 05/08/2013 00:57:19 - Installed Windows XP Service Pack 3.
RP12: 05/08/2013 02:06:44 - Removed J2SE Runtime Environment 5.0 Update 6
RP13: 05/08/2013 03:10:14 - Installed Wireless USB utility V1.01
RP14: 05/08/2013 03:14:15 - Unsigned driver install
RP15: 05/08/2013 03:20:11 - Update to an unsigned driver
RP16: 05/08/2013 10:54:54 - Software Distribution Service 3.0
RP17: 05/08/2013 11:20:59 - Software Distribution Service 3.0
RP18: 05/08/2013 12:33:51 - Installed Nero 9 Essentials 4.4.9.0
RP19: 05/08/2013 14:29:36 - Installed Kaspersky Security Scan.
.
==== Installed Programs ======================
.
7-Zip 9.22beta
AC3Filter (remove only)
Adobe Flash Player 11 Plugin
Advertising Center
Any Video Converter 5.0.8
DivX Setup
DualCoreCenter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 (KB2418240)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
ImagXpress
Live Update 5
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 6.0 Parser (KB933579)
Nero 9 Essentials
Nero ControlCenter
Nero Express Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA Drivers
Realtek High Definition Audio Driver
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless USB utility V1.01
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
05/08/2013 15:55:01, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
05/08/2013 11:57:52, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows Media Format Runtime 9 for Windows XP (KB2803821).
04/08/2013 21:57:54, error: PlugPlayManager [11]  - The device Root\LEGACY_SETUPNTGLM7X\0000 disappeared from the system without first being prepared for removal.
04/08/2013 21:56:24, error: Service Control Manager [7000]  - The MSICPL service failed to start due to the following error:  The system cannot find the file specified.
04/08/2013 21:53:40, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
04/08/2013 21:53:40, error: SideBySide [59]  - Generate Activation Context failed for C:\DOCUME~1\JANEDO~1\LOCALS~1\Temp\schk.tmp. Reference error message: The operation completed successfully. .
04/08/2013 21:53:40, error: SideBySide [32]  - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================
 

 

 

 

 

[D-FRED-BROWN]

Hello computer_is_dave and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

  Vista/Windows 7 users right-click and select Run As Administrator.

• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
• Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.

• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

• TDSSKiller's logfile
• MBAR mbar-log.txt and system-log.txt
• ComboFix's report (C:\ComboFix.txt)
• Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

[computer_is_dave]

Hi D-Fred-Brown.. sorry about the delay, I wasn't expecting a response so soon.

 

Regarding the tdsskiller.exe.. should I be checking the TDLFS option?.. i just ask because when I scanned with it earlier (this afternoon) it was only giving me a positive with TDLFS checked. (The user guide I was following said to, I wasn't freestyling)

 

thanks,

JD

[D-FRED-BROWN]

Go ahead and check it, yeah. Let me know if you have any trouble.

[computer_is_dave]

For now, just the tdss rootkit remover log.. and only the one malware anti-rootkit log as it didn't detect anything.

Am going to do combofix and need to close the broswer

 

 

 

 

 

 

20:44:33.0750 2880  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
20:44:35.0765 2880  ============================================================
20:44:35.0765 2880  Current date / time: 2013/08/05 20:44:35.0765
20:44:35.0765 2880  SystemInfo:
20:44:35.0765 2880  
20:44:35.0765 2880  OS Version: 5.1.2600 ServicePack: 3.0
20:44:35.0765 2880  Product type: Workstation
20:44:35.0765 2880  ComputerName: DAVE
20:44:35.0765 2880  UserName: Jane Doe
20:44:35.0765 2880  Windows directory: C:\WINDOWS
20:44:35.0765 2880  System windows directory: C:\WINDOWS
20:44:35.0765 2880  Processor architecture: Intel x86
20:44:35.0765 2880  Number of processors: 2
20:44:35.0765 2880  Page size: 0x1000
20:44:35.0765 2880  Boot type: Normal boot
20:44:35.0765 2880  ============================================================
20:44:45.0265 2880  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:44:45.0265 2880  ============================================================
20:44:45.0265 2880  \Device\Harddisk0\DR0:
20:44:45.0265 2880  MBR partitions:
20:44:45.0265 2880  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
20:44:45.0265 2880  ============================================================
20:44:45.0296 2880  C: <-> \Device\Harddisk0\DR0\Partition1
20:44:45.0296 2880  ============================================================
20:44:45.0296 2880  Initialize success
20:44:45.0296 2880  ============================================================
20:45:03.0296 3860  ============================================================
20:45:03.0296 3860  Scan started
20:45:03.0296 3860  Mode: Manual; TDLFS;
20:45:03.0296 3860  ============================================================
20:45:03.0656 3860  ================ Scan system memory ========================
20:45:03.0656 3860  System memory - ok
20:45:03.0656 3860  ================ Scan services =============================
20:45:03.0921 3860  Abiosdsk - ok
20:45:03.0937 3860  abp480n5 - ok
20:45:03.0968 3860  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:45:03.0968 3860  ACPI - ok
20:45:04.0000 3860  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:45:04.0000 3860  ACPIEC - ok
20:45:04.0078 3860  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:45:04.0078 3860  AdobeFlashPlayerUpdateSvc - ok
20:45:04.0078 3860  adpu160m - ok
20:45:04.0109 3860  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:45:04.0109 3860  aec - ok
20:45:04.0140 3860  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:45:04.0156 3860  AFD - ok
20:45:04.0156 3860  Aha154x - ok
20:45:04.0156 3860  aic78u2 - ok
20:45:04.0156 3860  aic78xx - ok
20:45:04.0203 3860  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:45:04.0203 3860  Alerter - ok
20:45:04.0218 3860  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
20:45:04.0218 3860  ALG - ok
20:45:04.0234 3860  AliIde - ok
20:45:04.0234 3860  amsint - ok
20:45:04.0265 3860  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:45:04.0265 3860  AppMgmt - ok
20:45:04.0281 3860  asc - ok
20:45:04.0281 3860  asc3350p - ok
20:45:04.0281 3860  asc3550 - ok
20:45:04.0390 3860  [ 4EABF511B1AF176A971C3271E48FA3A8 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:45:04.0390 3860  aspnet_state - ok
20:45:04.0421 3860  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:45:04.0421 3860  AsyncMac - ok
20:45:04.0453 3860  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:45:04.0453 3860  atapi - ok
20:45:04.0453 3860  Atdisk - ok
20:45:04.0484 3860  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:45:04.0484 3860  Atmarpc - ok
20:45:04.0515 3860  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:45:04.0515 3860  AudioSrv - ok
20:45:04.0562 3860  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:45:04.0562 3860  audstub - ok
20:45:04.0609 3860  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:45:04.0609 3860  Beep - ok
20:45:04.0671 3860  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:45:04.0703 3860  BITS - ok
20:45:04.0718 3860  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
20:45:04.0734 3860  Browser - ok
20:45:04.0750 3860  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:45:04.0750 3860  cbidf2k - ok
20:45:04.0765 3860  cd20xrnt - ok
20:45:04.0781 3860  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:45:04.0796 3860  Cdaudio - ok
20:45:04.0843 3860  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:45:04.0843 3860  Cdfs - ok
20:45:04.0859 3860  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:45:04.0859 3860  Cdrom - ok
20:45:04.0859 3860  Changer - ok
20:45:04.0890 3860  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:45:04.0890 3860  CiSvc - ok
20:45:04.0906 3860  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:45:04.0906 3860  ClipSrv - ok
20:45:04.0937 3860  [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:45:04.0937 3860  clr_optimization_v2.0.50727_32 - ok
20:45:04.0953 3860  CmdIde - ok
20:45:04.0953 3860  COMSysApp - ok
20:45:04.0968 3860  Cpqarray - ok
20:45:04.0968 3860  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:45:04.0968 3860  CryptSvc - ok
20:45:04.0984 3860  dac2w2k - ok
20:45:04.0984 3860  dac960nt - ok
20:45:05.0031 3860  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:45:05.0031 3860  DcomLaunch - ok
20:45:05.0062 3860  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:45:05.0078 3860  Dhcp - ok
20:45:05.0078 3860  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:45:05.0078 3860  Disk - ok
20:45:05.0093 3860  dmadmin - ok
20:45:05.0156 3860  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:45:05.0171 3860  dmboot - ok
20:45:05.0203 3860  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:45:05.0203 3860  dmio - ok
20:45:05.0234 3860  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:45:05.0234 3860  dmload - ok
20:45:05.0281 3860  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:45:05.0281 3860  dmserver - ok
20:45:05.0281 3860  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:45:05.0296 3860  DMusic - ok
20:45:05.0312 3860  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:45:05.0328 3860  Dnscache - ok
20:45:05.0359 3860  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:45:05.0359 3860  Dot3svc - ok
20:45:05.0359 3860  dpti2o - ok
20:45:05.0375 3860  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:45:05.0375 3860  drmkaud - ok
20:45:05.0453 3860  [ 994D42A1C15F0A64662D9C06B3345964 ] DualCoreCenter  C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys
20:45:05.0453 3860  DualCoreCenter - ok
20:45:05.0468 3860  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:45:05.0468 3860  EapHost - ok
20:45:05.0515 3860  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:45:05.0515 3860  ERSvc - ok
20:45:05.0546 3860  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
20:45:05.0546 3860  Eventlog - ok
20:45:05.0562 3860  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
20:45:05.0578 3860  EventSystem - ok
20:45:05.0609 3860  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:45:05.0609 3860  Fastfat - ok
20:45:05.0640 3860  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:45:05.0640 3860  FastUserSwitchingCompatibility - ok
20:45:05.0656 3860  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
20:45:05.0656 3860  Fdc - ok
20:45:05.0703 3860  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:45:05.0703 3860  Fips - ok
20:45:05.0703 3860  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:45:05.0718 3860  Flpydisk - ok
20:45:05.0765 3860  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:45:05.0765 3860  FltMgr - ok
20:45:05.0843 3860  [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:45:05.0843 3860  FontCache3.0.0.0 - ok
20:45:05.0859 3860  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:45:05.0859 3860  Fs_Rec - ok
20:45:05.0859 3860  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:45:05.0859 3860  Ftdisk - ok
20:45:05.0875 3860  GMSIPCI - ok
20:45:05.0890 3860  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:45:05.0890 3860  Gpc - ok
20:45:05.0890 3860  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:45:05.0906 3860  HDAudBus - ok
20:45:05.0968 3860  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:45:05.0968 3860  helpsvc - ok
20:45:06.0000 3860  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:45:06.0000 3860  HidServ - ok
20:45:06.0015 3860  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:45:06.0015 3860  hidusb - ok
20:45:06.0062 3860  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:45:06.0062 3860  hkmsvc - ok
20:45:06.0062 3860  hpn - ok
20:45:06.0109 3860  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:45:06.0109 3860  HTTP - ok
20:45:06.0140 3860  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:45:06.0140 3860  HTTPFilter - ok
20:45:06.0140 3860  i2omgmt - ok
20:45:06.0156 3860  i2omp - ok
20:45:06.0156 3860  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
20:45:06.0171 3860  i8042prt - ok
20:45:06.0234 3860  [ E7CC3AEAED9893A88876744CD439F76C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:45:06.0250 3860  idsvc - ok
20:45:06.0265 3860  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:45:06.0265 3860  Imapi - ok
20:45:06.0312 3860  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:45:06.0312 3860  ImapiService - ok
20:45:06.0312 3860  ini910u - ok
20:45:06.0437 3860  [ 574C9B2F9406D28F8F7E5C7B46B470E6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:45:06.0546 3860  IntcAzAudAddService - ok
20:45:06.0546 3860  IntelIde - ok
20:45:06.0562 3860  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:45:06.0562 3860  intelppm - ok
20:45:06.0593 3860  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:45:06.0593 3860  Ip6Fw - ok
20:45:06.0625 3860  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:45:06.0625 3860  IpFilterDriver - ok
20:45:06.0640 3860  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:45:06.0656 3860  IpInIp - ok
20:45:06.0671 3860  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:45:06.0671 3860  IpNat - ok
20:45:06.0718 3860  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:45:06.0718 3860  IPSec - ok
20:45:06.0734 3860  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:45:06.0734 3860  IRENUM - ok
20:45:06.0765 3860  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:45:06.0765 3860  isapnp - ok
20:45:06.0765 3860  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:45:06.0765 3860  Kbdclass - ok
20:45:06.0781 3860  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:45:06.0781 3860  kbdhid - ok
20:45:06.0812 3860  [ 2503B1AAAC2840A4708EC3578CC67928 ] KL1             C:\WINDOWS\system32\DRIVERS\kl1.sys
20:45:06.0812 3860  KL1 - ok
20:45:06.0843 3860  [ DC091A2571EE1CB9FEDD7C67BB46C2D2 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
20:45:06.0843 3860  KLIF - ok
20:45:06.0859 3860  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:45:06.0875 3860  kmixer - ok
20:45:06.0906 3860  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:45:06.0906 3860  KSecDD - ok
20:45:06.0937 3860  [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:45:06.0937 3860  lanmanserver - ok
20:45:06.0968 3860  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:45:06.0984 3860  lanmanworkstation - ok
20:45:06.0984 3860  lbrtfdc - ok
20:45:07.0015 3860  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:45:07.0015 3860  LmHosts - ok
20:45:07.0031 3860  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
20:45:07.0046 3860  mbamchameleon - ok
20:45:07.0078 3860  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:45:07.0078 3860  MBAMProtector - ok
20:45:07.0140 3860  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:45:07.0156 3860  MBAMScheduler - ok
20:45:07.0187 3860  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:45:07.0203 3860  MBAMService - ok
20:45:07.0203 3860  [ 90B11EC07E81D95772A86F0CF2F24162 ] mbamswissarmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
20:45:07.0218 3860  mbamswissarmy - ok
20:45:07.0234 3860  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:45:07.0234 3860  Messenger - ok
20:45:07.0265 3860  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:45:07.0281 3860  mnmdd - ok
20:45:07.0312 3860  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:45:07.0312 3860  mnmsrvc - ok
20:45:07.0343 3860  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:45:07.0343 3860  Modem - ok
20:45:07.0375 3860  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:45:07.0375 3860  Mouclass - ok
20:45:07.0406 3860  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:45:07.0406 3860  mouhid - ok
20:45:07.0421 3860  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:45:07.0421 3860  MountMgr - ok
20:45:07.0468 3860  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:45:07.0468 3860  MozillaMaintenance - ok
20:45:07.0468 3860  mraid35x - ok
20:45:07.0515 3860  [ B50B607B3A5CF4B069C6C4AB81C8B9DE ] MRV6X32U        C:\WINDOWS\system32\DRIVERS\MRVW23B.sys
20:45:07.0515 3860  MRV6X32U - ok
20:45:07.0562 3860  [ 5D235DAA0A9FEED8D880DF7277D6CCC8 ] MRVW225         C:\WINDOWS\system32\DRIVERS\MRVW225.sys
20:45:07.0562 3860  MRVW225 - ok
20:45:07.0578 3860  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:45:07.0578 3860  MRxDAV - ok
20:45:07.0609 3860  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:45:07.0640 3860  MRxSmb - ok
20:45:07.0671 3860  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:45:07.0671 3860  MSDTC - ok
20:45:07.0687 3860  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:45:07.0687 3860  Msfs - ok
20:45:07.0687 3860  MSICPL - ok
20:45:07.0687 3860  MSIServer - ok
20:45:07.0718 3860  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:45:07.0718 3860  MSKSSRV - ok
20:45:07.0734 3860  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:45:07.0734 3860  MSPCLOCK - ok
20:45:07.0750 3860  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:45:07.0750 3860  MSPQM - ok
20:45:07.0796 3860  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:45:07.0796 3860  mssmbios - ok
20:45:07.0828 3860  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:45:07.0828 3860  Mup - ok
20:45:07.0859 3860  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:45:07.0859 3860  napagent - ok
20:45:07.0875 3860  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:45:07.0890 3860  NDIS - ok
20:45:07.0906 3860  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:45:07.0921 3860  NdisTapi - ok
20:45:07.0937 3860  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:45:07.0937 3860  Ndisuio - ok
20:45:07.0953 3860  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:45:07.0953 3860  NdisWan - ok
20:45:07.0984 3860  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:45:07.0984 3860  NDProxy - ok
20:45:08.0140 3860  [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:45:08.0187 3860  Nero BackItUp Scheduler 4.0 - ok
20:45:08.0218 3860  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:45:08.0218 3860  NetBIOS - ok
20:45:08.0234 3860  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:45:08.0234 3860  NetBT - ok
20:45:08.0281 3860  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:45:08.0281 3860  NetDDE - ok
20:45:08.0281 3860  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:45:08.0281 3860  NetDDEdsdm - ok
20:45:08.0328 3860  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:45:08.0328 3860  Netlogon - ok
20:45:08.0343 3860  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
20:45:08.0343 3860  Netman - ok
20:45:08.0375 3860  [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:45:08.0375 3860  NetTcpPortSharing - ok
20:45:08.0406 3860  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:45:08.0406 3860  Nla - ok
20:45:08.0437 3860  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:45:08.0437 3860  Npfs - ok
20:45:08.0437 3860  NTACCESS - ok
20:45:08.0453 3860  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:45:08.0468 3860  Ntfs - ok
20:45:08.0515 3860  [ CD2166C9511D336A058CDE91778AAA69 ] NTIOLib_1_0_4   C:\Program Files\MSI\Live Update 5\NTIOLib.sys
20:45:08.0515 3860  NTIOLib_1_0_4 - ok
20:45:08.0562 3860  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:45:08.0562 3860  NtLmSsp - ok
20:45:08.0609 3860  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:45:08.0625 3860  NtmsSvc - ok
20:45:08.0640 3860  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:45:08.0640 3860  Null - ok
20:45:08.0812 3860  [ 8E72E452B9CC1E455D19E3C9FA964D37 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:45:08.0937 3860  nv - ok
20:45:08.0937 3860  [ 934833B3CD462A6F8A96F64D024C8B20 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
20:45:08.0953 3860  NVSvc - ok
20:45:08.0984 3860  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:45:08.0984 3860  NwlnkFlt - ok
20:45:08.0984 3860  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:45:08.0984 3860  NwlnkFwd - ok
20:45:09.0015 3860  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
20:45:09.0015 3860  Parport - ok
20:45:09.0031 3860  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:45:09.0031 3860  PartMgr - ok
20:45:09.0062 3860  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:45:09.0062 3860  ParVdm - ok
20:45:09.0078 3860  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:45:09.0093 3860  PCI - ok
20:45:09.0093 3860  PCIDump - ok
20:45:09.0109 3860  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:45:09.0109 3860  PCIIde - ok
20:45:09.0140 3860  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:45:09.0140 3860  Pcmcia - ok
20:45:09.0140 3860  PDCOMP - ok
20:45:09.0156 3860  PDFRAME - ok
20:45:09.0156 3860  PDRELI - ok
20:45:09.0156 3860  PDRFRAME - ok
20:45:09.0156 3860  perc2 - ok
20:45:09.0171 3860  perc2hib - ok
20:45:09.0187 3860  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:45:09.0187 3860  PlugPlay - ok
20:45:09.0218 3860  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:45:09.0218 3860  PolicyAgent - ok
20:45:09.0250 3860  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:45:09.0250 3860  PptpMiniport - ok
20:45:09.0265 3860  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:45:09.0265 3860  ProtectedStorage - ok
20:45:09.0265 3860  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:45:09.0281 3860  PSched - ok
20:45:09.0296 3860  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:45:09.0296 3860  Ptilink - ok
20:45:09.0296 3860  ql1080 - ok
20:45:09.0312 3860  Ql10wnt - ok
20:45:09.0312 3860  ql12160 - ok
20:45:09.0312 3860  ql1240 - ok
20:45:09.0312 3860  ql1280 - ok
20:45:09.0328 3860  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:45:09.0328 3860  RasAcd - ok
20:45:09.0375 3860  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:45:09.0375 3860  RasAuto - ok
20:45:09.0390 3860  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:45:09.0406 3860  Rasl2tp - ok
20:45:09.0437 3860  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:45:09.0453 3860  RasMan - ok
20:45:09.0453 3860  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:45:09.0453 3860  RasPppoe - ok
20:45:09.0453 3860  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:45:09.0468 3860  Raspti - ok
20:45:09.0468 3860  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:45:09.0484 3860  Rdbss - ok
20:45:09.0484 3860  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:45:09.0484 3860  RDPCDD - ok
20:45:09.0500 3860  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:45:09.0500 3860  rdpdr - ok
20:45:09.0546 3860  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:45:09.0546 3860  RDPWD - ok
20:45:09.0578 3860  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:45:09.0578 3860  RDSessMgr - ok
20:45:09.0625 3860  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:45:09.0625 3860  redbook - ok
20:45:09.0671 3860  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:45:09.0671 3860  RemoteAccess - ok
20:45:09.0718 3860  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:45:09.0718 3860  RemoteRegistry - ok
20:45:09.0734 3860  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:45:09.0734 3860  RpcLocator - ok
20:45:09.0750 3860  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:45:09.0765 3860  RpcSs - ok
20:45:09.0781 3860  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:45:09.0781 3860  RSVP - ok
20:45:09.0843 3860  [ 9555F0CCC6DB8EE2A9854B7853748379 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:45:09.0859 3860  RTLE8023xp - ok
20:45:09.0875 3860  [ C7DC8C440C45FAD6F064689190DC1C6F ] RushTopDevice2  C:\Program Files\MSI\DualCoreCenter\RushTop.sys
20:45:09.0875 3860  RushTopDevice2 - ok
20:45:09.0890 3860  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:45:09.0890 3860  SamSs - ok
20:45:09.0906 3860  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:45:09.0921 3860  SCardSvr - ok
20:45:09.0937 3860  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:45:09.0937 3860  Schedule - ok
20:45:09.0968 3860  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:45:09.0968 3860  Secdrv - ok
20:45:09.0984 3860  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:45:09.0984 3860  seclogon - ok
20:45:10.0000 3860  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
20:45:10.0000 3860  SENS - ok
20:45:10.0000 3860  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:45:10.0015 3860  serenum - ok
20:45:10.0015 3860  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:45:10.0015 3860  Serial - ok
20:45:10.0046 3860  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:45:10.0046 3860  Sfloppy - ok
20:45:10.0093 3860  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:45:10.0093 3860  SharedAccess - ok
20:45:10.0125 3860  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:45:10.0125 3860  ShellHWDetection - ok
20:45:10.0140 3860  Simbad - ok
20:45:10.0140 3860  Sparrow - ok
20:45:10.0171 3860  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:45:10.0171 3860  splitter - ok
20:45:10.0203 3860  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:45:10.0218 3860  Spooler - ok
20:45:10.0234 3860  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:45:10.0250 3860  sr - ok
20:45:10.0281 3860  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:45:10.0281 3860  srservice - ok
20:45:10.0328 3860  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:45:10.0328 3860  Srv - ok
20:45:10.0375 3860  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:45:10.0375 3860  SSDPSRV - ok
20:45:10.0421 3860  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:45:10.0437 3860  stisvc - ok
20:45:10.0453 3860  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:45:10.0468 3860  swenum - ok
20:45:10.0468 3860  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:45:10.0484 3860  swmidi - ok
20:45:10.0484 3860  SwPrv - ok
20:45:10.0484 3860  symc810 - ok
20:45:10.0500 3860  symc8xx - ok
20:45:10.0500 3860  sym_hi - ok
20:45:10.0500 3860  sym_u3 - ok
20:45:10.0515 3860  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:45:10.0515 3860  sysaudio - ok
20:45:10.0531 3860  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:45:10.0531 3860  SysmonLog - ok
20:45:10.0562 3860  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:45:10.0578 3860  TapiSrv - ok
20:45:10.0609 3860  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:45:10.0625 3860  Tcpip - ok
20:45:10.0640 3860  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:45:10.0640 3860  TDPIPE - ok
20:45:10.0656 3860  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:45:10.0656 3860  TDTCP - ok
20:45:10.0671 3860  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:45:10.0671 3860  TermDD - ok
20:45:10.0687 3860  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
20:45:10.0703 3860  TermService - ok
20:45:10.0718 3860  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:45:10.0718 3860  Themes - ok
20:45:10.0750 3860  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:45:10.0765 3860  TlntSvr - ok
20:45:10.0765 3860  TosIde - ok
20:45:10.0781 3860  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:45:10.0781 3860  TrkWks - ok
20:45:10.0828 3860  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:45:10.0828 3860  Udfs - ok
20:45:10.0828 3860  ultra - ok
20:45:10.0890 3860  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:45:10.0890 3860  Update - ok
20:45:10.0937 3860  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:45:10.0937 3860  upnphost - ok
20:45:10.0968 3860  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
20:45:10.0968 3860  UPS - ok
20:45:11.0015 3860  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:45:11.0015 3860  usbccgp - ok
20:45:11.0031 3860  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:45:11.0031 3860  usbehci - ok
20:45:11.0031 3860  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:45:11.0031 3860  usbhub - ok
20:45:11.0046 3860  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:45:11.0046 3860  usbuhci - ok
20:45:11.0078 3860  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:45:11.0078 3860  VgaSave - ok
20:45:11.0078 3860  ViaIde - ok
20:45:11.0109 3860  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:45:11.0109 3860  VolSnap - ok
20:45:11.0203 3860  [ D8350E1DEF14602FAAFB849005287368 ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys
20:45:11.0234 3860  Vsdatant - ok
20:45:11.0281 3860  vsmon - ok
20:45:11.0359 3860  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
20:45:11.0375 3860  VSS - ok
20:45:11.0390 3860  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:45:11.0406 3860  W32Time - ok
20:45:11.0406 3860  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:45:11.0406 3860  Wanarp - ok
20:45:11.0421 3860  WDICA - ok
20:45:11.0437 3860  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:45:11.0437 3860  wdmaud - ok
20:45:11.0484 3860  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:45:11.0484 3860  WebClient - ok
20:45:11.0562 3860  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:45:11.0578 3860  winmgmt - ok
20:45:11.0609 3860  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:45:11.0609 3860  WmdmPmSN - ok
20:45:11.0640 3860  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:45:11.0656 3860  Wmi - ok
20:45:11.0671 3860  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:45:11.0671 3860  WmiApSrv - ok
20:45:11.0765 3860  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
20:45:11.0796 3860  WMPNetworkSvc - ok
20:45:11.0828 3860  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:45:11.0843 3860  wscsvc - ok
20:45:11.0843 3860  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:45:11.0843 3860  wuauserv - ok
20:45:11.0875 3860  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:45:11.0875 3860  WudfPf - ok
20:45:11.0890 3860  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:45:11.0906 3860  WudfRd - ok
20:45:11.0906 3860  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:45:11.0921 3860  WudfSvc - ok
20:45:11.0953 3860  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:45:11.0968 3860  WZCSVC - ok
20:45:12.0015 3860  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:45:12.0015 3860  xmlprov - ok
20:45:12.0062 3860  [ EBD35BDCE49B94EB247213610094F399 ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
20:45:12.0062 3860  ZAPrivacyService - ok
20:45:12.0062 3860  ================ Scan global ===============================
20:45:12.0109 3860  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:45:12.0140 3860  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:45:12.0156 3860  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:45:12.0187 3860  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:45:12.0187 3860  [Global] - ok
20:45:12.0187 3860  ================ Scan MBR ==================================
20:45:12.0203 3860  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:45:12.0390 3860  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:45:12.0390 3860  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:45:12.0390 3860  ================ Scan VBR ==================================
20:45:12.0390 3860  [ 0965FA5F1460F05A939FB7D921A9A254 ] \Device\Harddisk0\DR0\Partition1
20:45:12.0390 3860  \Device\Harddisk0\DR0\Partition1 - ok
20:45:12.0390 3860  ============================================================
20:45:12.0390 3860  Scan finished
20:45:12.0390 3860  ============================================================
20:45:12.0406 3608  Detected object count: 1
20:45:12.0406 3608  Actual detected object count: 1
20:45:24.0968 3608  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:45:24.0968 3608  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:45:34.0703 0844  Deinitialize success
 

 

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2146742272, free: 1169592320

Downloaded database version: v2013.08.05.07
Downloaded database version: v2013.07.29.01
Initializing...
------------ Kernel report ------------
     08/05/2013 19:38:41
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
owulust.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
kl1.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\vsdatant.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys
\??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys
\??\C:\DOCUME~1\JANEDO~1\LOCALS~1\Temp\mbr.sys
\SystemRoot\system32\DRIVERS\MRVW225.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
\WINDOWS\system32\kernel32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a565ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff8a4bc940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a565ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4d2930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a565ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a48f9e8, DeviceName: \Device\00000060\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a4bc940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 96359635

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488375937
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Scan finished

[D-FRED-BROWN]

Please post the logs regardless of whether they find anything or not

[computer_is_dave]

Combofix crashed and has given me a blue screen/ physical memory dump. The computer was doing this before when I was trying to boot from anything other than the C drive (before it was formatted), however this time the dump completed. Error as follows:

 

A problem has been detected and windows has been shut down to prevent damage to your computer.

Plug and play detected an error most likely caused by a faulty driver.

If this is the first time you've seen this error, restart your computer. If this screen appears again, follow these steps.

 

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

 

If problems continue disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options and then select safe mode  

 

Technical information:

***STOP: 0x000000CA (0x00000004, 0x8A309358, 0x00000000, 0x00000000)

 

Beginning dump of physical memory

Physical memory dump complete

Contact your system admin or tech support group for further assistance.......... Any ideas? should I try it again?

[D-FRED-BROWN]

It's possible that malware interfered with it. Try running it in Safe Mode. http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true

[computer_is_dave]

Oh.. I assumed there had only been one log left by Malwarebytes anti-rootkit as a result of the one scan. I could only see that one.

Should I restart the computer normally and have another look? (rather than using F8 for safemode)  Am on another computer at the moment

[D-FRED-BROWN]

Try Safe Mode for now

[computer_is_dave]

Ok .. should I run mwb antirootkit again for the other log, before running combofix? (in safemode for both of them, right?)

[D-FRED-BROWN]

Yes, go ahead and run both in Safe Mode

[computer_is_dave]

my mistake, it was there.. going to try combofix again

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jane Doe :: DAVE [administrator]

05/08/2013 19:38:53
mbar-log-2013-08-05 (19-38-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 197796
Time elapsed: 19 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

[D-FRED-BROWN]

No worries. Keep me posted as to how things go

[computer_is_dave]

Well I left combofix running for about an hour and it only made it two folders past extract before grinding to a halt. The last two folders it reached before stopping were:

Output folder: C:\32788R22FWJFW\N_

Output folder: C:\32788R22FWJFW

I think I'm going to have to call it a night for now as it's 1am Wednesday and I've been looking at this screen since Saturday.. my brain is screaming for mercy.

Thanks for your help, I'll be back tomorrow afternoon to carry on. (I know.. I'm a lightweight  ) Night.

[D-FRED-BROWN]

Try renaming ComboFix.exe to Cheese.exe and running that. Let me know if it still stalls.

[computer_is_dave]

Hi again. I've changed combofix to cheese.exe and ran it. i checked that my antivirus was turned off by looking for any icons, or the program in task manager, it didn't appear to be running, but now I think I must have missed something because combofix is prompting me to turn ZA antivirus off..and I don't know where I should do that. (I know how to do it when it's running normally).

[computer_is_dave]

nevermind, I've done it.. combofix is running and currently at stage 50, will be back when it completes (hopefully)

[D-FRED-BROWN]

Sounds good. Keep me posted

[computer_is_dave]

It completed..  here are logs for combofix and security check. Kaspersky virus scanner still won't install though (same problem, termnating in a fatal error)  And TDSSKiller is still finding the same suspicious object when TDLFS is checked in parameters...MBAM is finding nothing

 

ComboFix 13-08-05.03 - Jane Doe 06/08/2013  17:15:03.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1807 [GMT 1:00]
Running from: c:\documents and settings\Jane Doe\Desktop\cheese.exe
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET138.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-06 to 2013-08-06  )))))))))))))))))))))))))))))))
.
.
2013-08-04 21:29 . 2013-08-04 21:29    --------    d-----w-    C:\Intel
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 22:55 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2005-10-06 00:06    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 09:50 . 2013-05-15 09:50    76872    ----a-w-    c:\windows\system32\RtNicProp32.dll
2013-05-15 09:50 . 2013-05-15 09:50    403912    ----a-w-    c:\windows\system32\drivers\Rtenicxp.sys
2013-05-15 09:50 . 2013-05-15 09:50    101448    ----a-w-    c:\windows\system32\RTNUninst32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2013-8-4 192512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [05/08/2013 03:20 299904]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [04/08/2013 21:08 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/08/2013 21:08 701512]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [04/08/2013 21:39 28160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/08/2013 21:08 22856]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [05/08/2013 03:14 231040]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [05/08/2013 01:56 7680]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [04/08/2013 21:39 51200]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-05 02:44]
.
.
------- Supplementary Scan -------
.

Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\
FF - ExtSQL: 2013-08-05 03:34; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-08-05 03:36; {1fc895a6-2042-46ec-a61b-233165b4c218}; c:\documents and settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi
FF - ExtSQL: 2013-08-05 03:37; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-05 04:00; anttoolbar@ant.com; c:\documents and settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\anttoolbar@ant.com
FF - ExtSQL: 2013-08-05 14:58; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-06 17:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-08-06  17:20:42
ComboFix-quarantined-files.txt  2013-08-06 16:20
.
Pre-Run: 237,658,976,256 bytes free
Post-Run: 238,295,085,056 bytes free
.
- - End Of File - - 662C5DD0FC641A6C0E5B25E3FE9AD54B
8F558EB6672622401DA993E1E865C861
 

 

 

 

 

 Results of screen317's Security Check version 0.99.71  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
Z
o
n
e
A
l
a
r
m
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.8.800.94  
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

[D-FRED-BROWN]

We're making progress.

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

• Please download OTL from here if you have not done so already:
  • Main Mirror
• Save it to your desktop.
• Double click on the OTL icon on your desktop.
• Click the "Scan All Users" checkbox.
• Change the "Extra Registry" option to "SafeList"
• Push the Run Scan button.
• Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

[computer_is_dave]

AdwCleaner, JRT, OTL & Extras, and ESET scan logs as requested.

(sorry for the delay.. it's been one of those days/weeks/months )

 

 

# AdwCleaner v2.306 - Logfile created 08/07/2013 at 01:37:21
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jane Doe - DAVE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jane Doe\Desktop\AdwCleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\searchplugins\zonealarm.xml
File Found : C:\END

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2697 octets] - [07/08/2013 01:37:21]

########## EOF - C:\AdwCleaner[R1].txt - [2757 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Jane Doe on 07/08/2013 at  1:39:53.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Jane Doe\Application Data\mozilla\firefox\profiles\bfezthlf.default\user.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/08/2013 at  1:45:03.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[computer_is_dave]

OTL logfile created on: 07/08/2013 01:48:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jane Doe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.82% Memory free
3.84 Gb Paging File | 3.42 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.34 Gb Free Space | 95.04% Space Free | Partition Type: NTFS
 
Computer Name: DAVE | User Name: Jane Doe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/07 01:29:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane Doe\Desktop\OTL.exe
PRC - [2013/06/18 15:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/01/01 00:23:52 | 020,836,352 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/05 11:54:08 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\36a16a4bd483bea283f74b96d2dfe6c8\System.ServiceProcess.ni.dll
MOD - [2013/08/05 11:53:36 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cce6dd2e3262ca0aa41af0ba2135c396\System.Configuration.Install.ni.dll
MOD - [2013/08/05 11:53:17 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\d1e370d2c1e2a08a673ca85e7fbc2b81\System.Configuration.ni.dll
MOD - [2013/08/05 11:49:49 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\83ae14d3e7c9e270ab08b5ade09dd514\System.Xml.ni.dll
MOD - [2013/08/05 11:48:30 | 002,347,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3f4885f9a9015a64ef5a586c8de94c9f\System.Core.ni.dll
MOD - [2013/08/05 11:46:59 | 008,286,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\0bef22abea49ae8cc98b8ebcba10f07a\System.ni.dll
MOD - [2013/08/05 11:46:43 | 011,436,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\709b207f778a3f7053329a6f3e17859c\mscorlib.ni.dll
MOD - [2013/06/18 15:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/10/22 01:08:32 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\RushTop.dll
MOD - [2007/10/12 17:37:34 | 000,090,112 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\VGADLL.dll
MOD - [2007/01/05 11:59:00 | 000,077,824 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\CpuUsage.dll
MOD - [2006/08/27 13:45:42 | 000,030,720 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\ACEBridge.dll
MOD - [2002/01/01 00:23:52 | 020,836,352 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013/08/05 03:44:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 15:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JANEDO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/06/19 22:41:38 | 000,527,976 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/05/15 10:50:12 | 000,403,912 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/21 14:44:20 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/11/15 21:06:06 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/10/20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2007/10/18 00:09:08 | 000,051,200 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2007/10/02 09:32:14 | 004,613,120 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/04/17 14:42:00 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2006/12/22 08:13:06 | 000,231,040 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW23B.sys -- (MRV6X32U)
DRV - [2005/12/21 10:44:28 | 000,299,904 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1004336348-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=60a3d2d5c99d485fad03c655159d74f5&tu=10G9z009P2B0CO0&sku=&tstsId=&ver=&
IE - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..\SearchScopes,DefaultScope = {4DFD954C-1A8E-4884-92D4-2155E9E45547}
IE - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..\SearchScopes\{4DFD954C-1A8E-4884-92D4-2155E9E45547}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=60a3d2d5c99d485fad03c655159d74f5&tu=10G9z009P2B0CO0&sku=&tstsId=&ver=&&r=593
IE - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.8
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&gu=60a3d2d5c99d485fad03c655159d74f5&tu=10G9z009P2B0CO0&sku=&tstsId=&ver=&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/08/05 03:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/05 03:34:30 | 000,000,000 | ---D | M]
 
[2013/08/04 23:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Extensions
[2013/08/06 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions
[2013/08/05 14:58:32 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/08/05 04:00:33 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\anttoolbar@ant.com
[2013/08/06 17:47:05 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\ffxtlbr@zonealarm.com
[2013/08/05 03:36:14 | 000,002,812 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi
[2013/08/05 03:37:16 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/21 08:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2013/08/06 17:35:42 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla\Firefox\Profiles\bfezthlf.default\searchplugins\zonealarm.xml
[2013/08/04 22:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/04 23:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/04 23:41:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/05 03:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
 
O1 HOSTS File: ([2013/08/06 17:19:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-602609370-839522115-1003\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375652410956 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1375655517703 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13FE834C-51FC-48EE-87FB-3DC39793A822}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/04 20:40:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/07 01:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/07 01:39:24 | 000,563,461 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Jane Doe\Desktop\JRT.exe
[2013/08/07 01:31:04 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Jane Doe\Desktop\esetsmartinstaller_enu.exe
[2013/08/07 01:29:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane Doe\Desktop\OTL.exe
[2013/08/06 18:07:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/06 17:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2013/08/06 17:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2013/08/06 17:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/08/06 17:20:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/08/05 22:43:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/08/05 22:43:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/08/05 21:57:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/05 21:52:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/05 21:52:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/05 21:52:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/05 21:52:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/05 21:52:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/05 21:52:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/05 20:57:12 | 005,100,695 | R--- | C] (Swearware) -- C:\Documents and Settings\Jane Doe\Desktop\cheese.exe
[2013/08/05 19:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/08/05 19:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\My Documents\mbar-1.06.0.1004
[2013/08/05 19:07:50 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jane Doe\Desktop\tdsskiller.exe
[2013/08/05 16:17:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\Start Menu\Programs\Administrative Tools
[2013/08/05 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\QuickScan
[2013/08/05 12:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Nero
[2013/08/05 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2013/08/05 12:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2013/08/05 12:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2013/08/05 12:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/08/05 11:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/08/05 11:23:09 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/08/05 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/08/05 11:21:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/08/05 11:20:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/08/05 11:20:19 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/08/05 11:20:18 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/08/05 11:20:17 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/08/05 11:20:17 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/08/05 11:20:17 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/08/05 11:18:44 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/08/05 11:18:44 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/08/05 11:18:07 | 000,290,560 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2013/08/05 11:17:19 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2013/08/05 11:13:43 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013/08/05 11:13:40 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2013/08/05 11:13:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2013/08/05 11:11:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2013/08/05 11:10:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2013/08/05 11:10:39 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2013/08/05 11:10:25 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2013/08/05 11:10:25 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2013/08/05 11:10:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2013/08/05 11:09:24 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2013/08/05 11:08:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2013/08/05 11:07:02 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2013/08/05 11:07:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2013/08/05 11:03:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2013/08/05 11:03:41 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013/08/05 11:03:41 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013/08/05 11:03:41 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013/08/05 11:03:17 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2013/08/05 11:02:37 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2013/08/05 11:02:34 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2013/08/05 10:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/08/05 10:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2013/08/05 10:50:17 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2013/08/05 10:50:16 | 000,022,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2013/08/05 10:50:16 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2013/08/05 10:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013/08/05 04:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\DivX
[2013/08/05 04:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\DDMSettings
[2013/08/05 04:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
[2013/08/05 04:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2013/08/05 03:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Macromedia
[2013/08/05 03:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Adobe
[2013/08/05 03:44:41 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/05 03:44:41 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/05 03:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\Adobe
[2013/08/05 03:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\My Documents\My Videos
[2013/08/05 03:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\My Documents\DivX Movies
[2013/08/05 03:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2013/08/05 03:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013/08/05 03:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/08/05 03:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2013/08/05 03:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\My Documents\Essential Exes
[2013/08/05 03:20:13 | 000,299,904 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\MRVW225.sys
[2013/08/05 03:14:20 | 000,231,040 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\MRVW23B.sys
[2013/08/05 03:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2013/08/05 03:10:16 | 000,073,728 | ---- | C] (Macrovision Corporation) -- C:\WINDOWS\System32\ISUSPM.cpl
[2013/08/05 03:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Customer
[2013/08/05 03:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Customer
[2013/08/05 03:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\InstallShield
[2013/08/05 02:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2013/08/05 02:14:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jane Doe\Recent
[2013/08/05 02:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/08/05 02:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/08/05 02:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Sun
[2013/08/05 02:02:03 | 000,442,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2013/08/05 02:02:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2013/08/05 02:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Files
[2013/08/05 01:56:21 | 000,011,832 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\acpimof.dll
[2013/08/05 01:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/08/05 01:04:28 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013/08/05 01:04:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2013/08/05 01:04:22 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2013/08/05 01:04:21 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2013/08/05 01:04:20 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2013/08/05 01:04:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2013/08/05 01:04:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2013/08/05 01:04:03 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2013/08/05 01:04:03 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2013/08/05 01:04:03 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2013/08/05 01:04:03 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2013/08/05 01:04:03 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2013/08/05 01:04:03 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2013/08/05 01:04:03 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2013/08/05 01:04:03 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2013/08/05 01:04:03 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2013/08/05 01:04:03 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2013/08/05 01:04:03 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2013/08/05 01:04:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2013/08/05 01:04:02 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2013/08/05 01:04:02 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2013/08/05 01:04:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2013/08/05 01:04:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2013/08/05 01:04:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2013/08/05 01:04:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2013/08/05 01:04:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2013/08/05 01:04:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2013/08/05 01:04:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2013/08/05 01:04:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2013/08/05 01:04:01 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2013/08/05 01:04:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/08/05 01:04:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2013/08/05 01:04:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2013/08/05 01:03:59 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2013/08/05 01:03:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2013/08/05 01:03:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2013/08/05 01:03:59 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2013/08/05 01:03:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2013/08/05 01:03:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2013/08/05 01:03:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2013/08/05 01:03:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2013/08/05 01:03:58 | 006,108,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013/08/05 01:03:58 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2013/08/05 01:03:58 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2013/08/05 01:03:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2013/08/05 01:03:58 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2013/08/05 01:03:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2013/08/05 01:03:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2013/08/05 01:03:57 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2013/08/05 01:03:57 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2013/08/05 01:03:57 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2013/08/05 01:03:57 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2013/08/05 01:03:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2013/08/05 01:03:57 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2013/08/05 01:03:57 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2013/08/05 01:03:57 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2013/08/05 01:03:57 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2013/08/05 01:03:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2013/08/05 01:03:56 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2013/08/05 01:03:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2013/08/05 01:03:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2013/08/05 01:03:55 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2013/08/05 01:03:54 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2013/08/05 01:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/08/05 01:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/08/05 01:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/08/05 01:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013/08/05 01:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013/08/05 01:01:15 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2013/08/05 00:59:25 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2013/08/05 00:59:25 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2013/08/05 00:59:25 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2013/08/05 00:59:25 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2013/08/05 00:59:25 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2013/08/05 00:59:25 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2013/08/05 00:59:25 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2013/08/05 00:59:25 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013/08/05 00:59:25 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013/08/05 00:59:25 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013/08/05 00:59:25 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013/08/05 00:59:25 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013/08/05 00:59:25 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013/08/05 00:59:25 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013/08/05 00:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2013/08/05 00:59:24 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2013/08/05 00:59:24 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2013/08/05 00:59:24 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2013/08/05 00:59:24 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2013/08/05 00:59:24 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2013/08/05 00:59:24 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2013/08/05 00:59:24 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2013/08/05 00:59:24 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2013/08/05 00:59:24 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2013/08/05 00:59:24 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2013/08/05 00:59:24 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2013/08/05 00:59:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2013/08/05 00:59:24 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013/08/05 00:59:24 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013/08/05 00:59:24 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013/08/05 00:59:24 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2013/08/05 00:59:24 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013/08/05 00:59:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2013/08/05 00:59:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2013/08/05 00:59:24 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013/08/05 00:59:23 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2013/08/05 00:59:23 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013/08/05 00:59:22 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2013/08/05 00:59:22 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2013/08/05 00:59:22 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2013/08/05 00:59:22 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2013/08/05 00:59:22 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2013/08/05 00:59:21 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2013/08/05 00:59:21 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2013/08/05 00:59:21 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2013/08/05 00:59:21 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2013/08/05 00:59:21 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2013/08/05 00:59:21 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2013/08/05 00:59:21 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2013/08/05 00:59:21 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2013/08/05 00:59:21 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013/08/05 00:59:20 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2013/08/05 00:59:20 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2013/08/05 00:59:20 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2013/08/05 00:59:20 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2013/08/05 00:59:20 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2013/08/05 00:59:20 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013/08/05 00:59:20 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2013/08/05 00:53:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/08/05 00:12:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/08/05 00:08:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jane Doe\PrivacIE
[2013/08/05 00:06:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jane Doe\IETldCache
[2013/08/05 00:03:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/08/05 00:02:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/08/04 23:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\My Documents\Downloads
[2013/08/04 23:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\Mozilla
[2013/08/04 23:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Mozilla
[2013/08/04 23:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/08/04 23:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/04 23:11:59 | 000,136,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2013/08/04 23:11:56 | 000,586,584 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/08/04 23:11:56 | 000,074,584 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/08/04 22:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/08/04 22:57:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/08/04 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/08/04 22:57:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2013/08/04 22:57:12 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2013/08/04 22:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/08/04 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/04 22:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/08/04 22:39:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jane Doe\UserData
[2013/08/04 22:30:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/08/04 22:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/08/04 22:30:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013/08/04 22:29:45 | 000,000,000 | ---D | C] -- C:\Intel
[2013/08/04 22:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2013/08/04 22:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/04 21:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\My Documents\ForceField Shared Files
[2013/08/04 21:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\CheckPoint
[2013/08/04 21:51:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2013/08/04 21:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Start Menu\Programs\AC3Filter
[2013/08/04 21:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2013/08/04 21:43:09 | 000,442,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2013/08/04 21:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2013/08/04 21:41:15 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2013/08/04 21:41:15 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2013/08/04 21:41:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2013/08/04 21:41:11 | 000,086,016 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2013/08/04 21:41:10 | 001,191,936 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2013/08/04 21:41:10 | 000,282,624 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2013/08/04 21:41:07 | 009,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2013/08/04 21:41:03 | 004,613,120 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2013/08/04 21:40:50 | 002,165,760 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2013/08/04 21:40:47 | 000,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2013/08/04 21:40:45 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2013/08/04 21:40:45 | 000,299,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2013/08/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/08/04 21:40:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/08/04 21:40:37 | 000,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2013/08/04 21:40:37 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2013/08/04 21:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/08/04 21:39:30 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2013/08/04 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MSI
[2013/08/04 21:39:05 | 001,622,016 | ---- | C] (NVIDIA) -- C:\WINDOWS\NVBenchMarks.dll
[2013/08/04 21:39:05 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\MFC71.dll
[2013/08/04 21:39:05 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\msvcp71.dll
[2013/08/04 21:39:05 | 000,421,888 | ---- | C] (NVIDIA) -- C:\WINDOWS\nvsulib.dll
[2013/08/04 21:39:05 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\msvcr71.dll
[2013/08/04 21:39:05 | 000,053,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\Nvgpio.dll
[2013/08/04 21:39:05 | 000,018,216 | ---- | C] (NVidia Corp.) -- C:\WINDOWS\nvoclk64.sys
[2013/08/04 21:39:05 | 000,006,912 | ---- | C] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys
[2013/08/04 21:39:04 | 000,380,928 | ---- | C] (NVIDIA) -- C:\WINDOWS\ntuneoem.dll
[2013/08/04 21:39:04 | 000,045,056 | ---- | C] (NVIDIA) -- C:\WINDOWS\NTuneGpu.dll
[2013/08/04 21:39:04 | 000,028,672 | ---- | C] (NVIDIA) -- C:\WINDOWS\AutoTuneScript.dll
[2013/08/04 21:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSI
[2013/08/04 21:29:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2013/08/04 21:28:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/08/04 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/08/04 21:28:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2013/08/04 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2013/08/04 21:28:17 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2013/08/04 21:28:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2013/08/04 21:28:16 | 000,000,000 | R--D | C] -- C:\Program Files
[2013/08/04 21:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2013/08/04 21:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2013/08/04 21:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/08/04 21:28:13 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2013/08/04 21:28:13 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2013/08/04 21:28:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2013/08/04 21:28:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2013/08/04 21:28:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2013/08/04 21:28:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2013/08/04 21:28:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2013/08/04 21:28:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2013/08/04 21:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2013/08/04 21:28:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2013/08/04 21:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2013/08/04 21:28:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2013/08/04 21:28:09 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2013/08/04 21:28:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2013/08/04 21:28:09 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2013/08/04 21:28:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2013/08/04 21:28:09 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2013/08/04 21:28:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2013/08/04 21:28:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2013/08/04 21:28:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2013/08/04 21:28:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2013/08/04 21:28:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2013/08/04 21:28:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2013/08/04 21:28:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2013/08/04 21:28:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2013/08/04 21:28:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2013/08/04 21:28:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2013/08/04 21:28:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2013/08/04 21:28:07 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2013/08/04 21:28:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2013/08/04 21:28:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2013/08/04 21:28:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2013/08/04 21:28:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2013/08/04 21:28:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2013/08/04 21:28:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2013/08/04 21:28:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2013/08/04 21:28:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2013/08/04 21:28:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2013/08/04 21:28:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2013/08/04 21:28:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2013/08/04 21:28:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2013/08/04 21:28:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2013/08/04 21:28:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2013/08/04 21:28:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2013/08/04 21:28:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2013/08/04 21:28:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2013/08/04 21:28:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2013/08/04 21:28:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2013/08/04 21:28:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2013/08/04 21:28:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2013/08/04 21:28:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2013/08/04 21:28:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2013/08/04 21:28:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2013/08/04 21:28:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2013/08/04 21:28:04 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2013/08/04 21:28:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2013/08/04 21:28:04 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2013/08/04 21:28:04 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2013/08/04 21:28:04 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2013/08/04 21:28:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2013/08/04 21:28:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2013/08/04 21:28:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2013/08/04 21:28:02 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2013/08/04 21:28:02 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2013/08/04 21:28:02 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2013/08/04 21:28:02 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2013/08/04 21:28:02 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2013/08/04 21:28:02 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2013/08/04 21:28:02 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2013/08/04 21:28:02 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2013/08/04 21:28:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2013/08/04 21:28:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2013/08/04 21:28:01 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2013/08/04 21:28:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2013/08/04 21:28:01 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2013/08/04 21:28:01 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2013/08/04 21:28:01 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2013/08/04 21:28:01 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2013/08/04 21:28:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2013/08/04 21:28:01 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2013/08/04 21:28:01 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2013/08/04 21:28:01 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2013/08/04 21:28:01 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2013/08/04 21:28:01 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2013/08/04 21:28:00 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2013/08/04 21:28:00 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2013/08/04 21:28:00 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2013/08/04 21:28:00 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2013/08/04 21:28:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2013/08/04 21:28:00 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2013/08/04 21:28:00 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2013/08/04 21:28:00 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2013/08/04 21:28:00 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2013/08/04 21:28:00 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2013/08/04 21:28:00 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2013/08/04 21:27:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2013/08/04 21:27:59 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2013/08/04 21:27:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2013/08/04 21:27:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2013/08/04 21:27:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/08/04 21:27:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2013/08/04 21:27:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2013/08/04 21:27:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2013/08/04 21:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2013/08/04 21:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2013/08/04 21:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/08/04 21:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2013/08/04 21:27:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013/08/04 21:27:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/08/04 21:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2013/08/04 21:26:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/08/04 21:20:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2013/08/04 21:20:54 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2013/08/04 21:20:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2013/08/04 21:20:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2013/08/04 21:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2013/08/04 21:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Malwarebytes
[2013/08/04 21:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/04 21:08:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/04 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/04 21:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/04 20:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Application Data\Identities
[2013/08/04 20:53:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/08/04 20:53:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\My Documents\My Music
[2013/08/04 20:53:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\My Documents\My Pictures
 

[computer_is_dave]

[2013/08/04 20:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\ApplicationHistory
[2013/08/04 20:51:52 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/08/04 20:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/08/04 20:51:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/08/04 20:51:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft
[2013/08/04 20:51:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jane Doe\SendTo
[2013/08/04 20:51:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jane Doe\Application Data
[2013/08/04 20:51:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\Start Menu\Programs\Startup
[2013/08/04 20:51:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\Start Menu
[2013/08/04 20:51:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\My Documents
[2013/08/04 20:51:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\Favorites
[2013/08/04 20:51:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jane Doe\Start Menu\Programs\Accessories
[2013/08/04 20:51:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jane Doe\Cookies
[2013/08/04 20:51:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jane Doe\Templates
[2013/08/04 20:51:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jane Doe\PrintHood
[2013/08/04 20:51:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jane Doe\NetHood
[2013/08/04 20:51:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jane Doe\Local Settings
[2013/08/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\Microsoft
[2013/08/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Desktop
[2013/08/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2013/08/04 20:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/08/04 20:50:21 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2013/08/04 20:50:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2013/08/04 20:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2013/08/04 20:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2013/08/04 20:50:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2013/08/04 20:46:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2013/08/04 20:46:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2013/08/04 20:46:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2013/08/04 20:46:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2013/08/04 20:46:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2013/08/04 20:46:23 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2013/08/04 20:46:23 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2013/08/04 20:46:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2013/08/04 20:46:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2013/08/04 20:46:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2013/08/04 20:46:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2013/08/04 20:46:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2013/08/04 20:46:21 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2013/08/04 20:46:21 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2013/08/04 20:46:21 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2013/08/04 20:46:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2013/08/04 20:46:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2013/08/04 20:46:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2013/08/04 20:46:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2013/08/04 20:46:18 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2013/08/04 20:46:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2013/08/04 20:46:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2013/08/04 20:46:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2013/08/04 20:46:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2013/08/04 20:46:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2013/08/04 20:46:17 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2013/08/04 20:46:16 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2013/08/04 20:46:16 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2013/08/04 20:46:15 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2013/08/04 20:46:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2013/08/04 20:46:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2013/08/04 20:46:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2013/08/04 20:46:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2013/08/04 20:46:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2013/08/04 20:46:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2013/08/04 20:46:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2013/08/04 20:46:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2013/08/04 20:46:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2013/08/04 20:46:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2013/08/04 20:46:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2013/08/04 20:46:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2013/08/04 20:46:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2013/08/04 20:46:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2013/08/04 20:46:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2013/08/04 20:46:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2013/08/04 20:46:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2013/08/04 20:46:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2013/08/04 20:46:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2013/08/04 20:46:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2013/08/04 20:46:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2013/08/04 20:46:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2013/08/04 20:46:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/08/04 20:46:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/08/04 20:46:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2013/08/04 20:46:08 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2013/08/04 20:46:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2013/08/04 20:46:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2013/08/04 20:46:06 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2013/08/04 20:46:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2013/08/04 20:46:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2013/08/04 20:46:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2013/08/04 20:46:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2013/08/04 20:46:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2013/08/04 20:46:04 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2013/08/04 20:46:04 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2013/08/04 20:46:04 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2013/08/04 20:46:04 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2013/08/04 20:46:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2013/08/04 20:46:03 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2013/08/04 20:46:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2013/08/04 20:46:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2013/08/04 20:46:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2013/08/04 20:46:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2013/08/04 20:46:01 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2013/08/04 20:46:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2013/08/04 20:45:59 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2013/08/04 20:45:57 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2013/08/04 20:45:57 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2013/08/04 20:45:54 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2013/08/04 20:45:54 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2013/08/04 20:45:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2013/08/04 20:45:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2013/08/04 20:45:52 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2013/08/04 20:45:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2013/08/04 20:45:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2013/08/04 20:45:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2013/08/04 20:45:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2013/08/04 20:45:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2013/08/04 20:45:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2013/08/04 20:45:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2013/08/04 20:45:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2013/08/04 20:45:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2013/08/04 20:45:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2013/08/04 20:45:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2013/08/04 20:45:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2013/08/04 20:45:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2013/08/04 20:45:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2013/08/04 20:45:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2013/08/04 20:45:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2013/08/04 20:45:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2013/08/04 20:45:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2013/08/04 20:45:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2013/08/04 20:45:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2013/08/04 20:45:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2013/08/04 20:45:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2013/08/04 20:45:47 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2013/08/04 20:45:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2013/08/04 20:45:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2013/08/04 20:45:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2013/08/04 20:45:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2013/08/04 20:45:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2013/08/04 20:45:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2013/08/04 20:45:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2013/08/04 20:45:45 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2013/08/04 20:45:45 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2013/08/04 20:45:45 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2013/08/04 20:45:45 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2013/08/04 20:45:45 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2013/08/04 20:45:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2013/08/04 20:45:45 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2013/08/04 20:45:44 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2013/08/04 20:45:44 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2013/08/04 20:45:44 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2013/08/04 20:45:44 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2013/08/04 20:45:44 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2013/08/04 20:45:44 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2013/08/04 20:45:44 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2013/08/04 20:45:44 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2013/08/04 20:45:43 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2013/08/04 20:45:43 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2013/08/04 20:45:43 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2013/08/04 20:45:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2013/08/04 20:45:43 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2013/08/04 20:45:43 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2013/08/04 20:45:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2013/08/04 20:45:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2013/08/04 20:45:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2013/08/04 20:45:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2013/08/04 20:45:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2013/08/04 20:45:42 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2013/08/04 20:45:39 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2013/08/04 20:45:33 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2013/08/04 20:45:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2013/08/04 20:45:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2013/08/04 20:45:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2013/08/04 20:45:29 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2013/08/04 20:45:29 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2013/08/04 20:45:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2013/08/04 20:45:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2013/08/04 20:45:28 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2013/08/04 20:45:27 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2013/08/04 20:45:27 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2013/08/04 20:45:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2013/08/04 20:45:27 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2013/08/04 20:45:26 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2013/08/04 20:45:26 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2013/08/04 20:45:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2013/08/04 20:45:22 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2013/08/04 20:45:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2013/08/04 20:45:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2013/08/04 20:45:22 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2013/08/04 20:45:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2013/08/04 20:45:20 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2013/08/04 20:45:20 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2013/08/04 20:45:20 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2013/08/04 20:45:20 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2013/08/04 20:45:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2013/08/04 20:45:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2013/08/04 20:45:19 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2013/08/04 20:45:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2013/08/04 20:45:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2013/08/04 20:45:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2013/08/04 20:45:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2013/08/04 20:45:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2013/08/04 20:45:18 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/08/04 20:45:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2013/08/04 20:45:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2013/08/04 20:45:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2013/08/04 20:45:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2013/08/04 20:45:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2013/08/04 20:45:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2013/08/04 20:45:10 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2013/08/04 20:45:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2013/08/04 20:45:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2013/08/04 20:45:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2013/08/04 20:45:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2013/08/04 20:45:02 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2013/08/04 20:45:02 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2013/08/04 20:45:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2013/08/04 20:45:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2013/08/04 20:45:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2013/08/04 20:45:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2013/08/04 20:44:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2013/08/04 20:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2013/08/04 20:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2013/08/04 20:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2013/08/04 20:43:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\fsc
[2013/08/04 20:43:30 | 000,000,000 | ---D | C] -- C:\AddOn
[2013/08/04 20:40:45 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2013/08/04 20:40:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013/08/04 20:40:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2013/08/04 20:39:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2013/08/04 20:39:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2013/08/04 20:39:22 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2013/08/04 20:39:13 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2013/08/04 20:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2013/08/04 20:38:33 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2013/08/04 20:38:33 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2013/08/04 20:38:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2013/08/04 20:38:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2013/08/04 20:38:32 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2013/08/04 20:38:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2013/08/04 20:38:24 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2013/08/04 20:38:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2013/08/04 20:38:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2013/08/04 20:38:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2013/08/04 20:38:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2013/08/04 20:38:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2013/08/04 20:38:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2013/08/04 20:38:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2013/08/04 20:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2013/08/04 20:38:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2013/08/04 20:38:18 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2013/08/04 20:38:18 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2013/08/04 20:38:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2013/08/04 20:38:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2013/08/04 20:38:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2013/08/04 20:38:18 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2013/08/04 20:38:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2013/08/04 20:38:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2013/08/04 20:38:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2013/08/04 20:38:17 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2013/08/04 20:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/08/04 20:38:13 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/08/04 20:38:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2013/08/04 20:38:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2013/08/04 20:38:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2013/08/04 20:38:11 | 001,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2013/08/04 20:38:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2013/08/04 20:38:11 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2013/08/04 20:38:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2013/08/04 20:38:10 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2013/08/04 20:38:10 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2013/08/04 20:38:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2013/08/04 20:38:10 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2013/08/04 20:38:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2013/08/04 20:38:10 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2013/08/04 20:38:09 | 001,933,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2013/08/04 20:38:09 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2013/08/04 20:38:09 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2013/08/04 20:38:09 | 000,210,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2013/08/04 20:38:09 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2013/08/04 20:38:08 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2013/08/04 20:38:08 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2013/08/04 20:38:08 | 000,219,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2013/08/04 20:38:08 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2013/08/04 20:38:08 | 000,053,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2013/08/04 20:38:08 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2013/08/04 20:38:08 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2013/08/04 20:38:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2013/08/04 20:38:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2013/08/04 20:38:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2013/08/04 20:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2013/08/04 20:38:00 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2013/08/04 20:38:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2013/08/04 20:38:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2013/08/04 20:37:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2013/08/04 20:37:55 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2013/08/04 20:37:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2013/08/04 20:37:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2013/08/04 20:37:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2013/08/04 20:37:54 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2013/08/04 20:37:54 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2013/08/04 20:37:53 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2013/08/04 20:37:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2013/08/04 20:37:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2013/08/04 20:37:50 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2013/08/04 20:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2013/08/04 20:37:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2013/08/04 20:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2013/08/04 20:37:46 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2013/08/04 20:37:46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2013/08/04 20:37:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2013/08/04 20:37:46 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2013/08/04 20:37:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2013/08/04 20:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2013/08/04 20:37:39 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2013/08/04 20:37:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2013/08/04 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2013/08/04 20:37:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/08/04 20:37:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2013/08/04 20:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2013/08/04 20:37:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2013/08/04 20:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2013/08/04 20:36:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/08/04 20:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2013/08/04 20:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2013/08/04 20:36:49 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2013/08/04 20:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2013/08/04 20:36:48 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2013/08/04 20:36:48 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2013/08/04 20:36:48 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2013/08/04 20:36:48 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2013/08/04 20:36:48 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2013/08/04 20:36:48 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2013/08/04 20:36:48 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2013/08/04 20:36:48 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2013/08/04 20:36:48 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2013/08/04 20:36:48 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2013/08/04 20:36:47 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2013/08/04 20:36:47 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2013/08/04 20:36:47 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2013/08/04 20:36:47 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2013/08/04 20:36:47 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2013/08/04 20:36:47 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2013/08/04 20:36:47 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2013/08/04 20:36:47 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2013/08/04 20:36:46 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2013/08/04 20:36:46 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2013/08/04 20:36:46 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2013/08/04 20:36:46 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2013/08/04 20:36:46 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2013/08/04 20:36:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2013/08/04 20:36:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2013/08/04 20:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2013/08/04 20:36:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2013/08/04 20:36:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2013/08/04 20:36:37 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2013/08/04 20:36:37 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2013/08/04 20:36:36 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2013/08/04 20:36:36 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2013/08/04 20:36:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2013/08/04 20:36:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2013/08/04 20:36:36 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2013/08/04 20:36:36 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2013/08/04 20:36:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2013/08/04 20:36:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2013/08/04 20:36:29 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2013/08/04 20:36:29 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2013/08/04 20:36:28 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2013/08/04 20:36:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2013/08/04 20:36:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2013/08/04 20:36:27 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2013/08/04 20:36:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2013/08/04 20:36:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2013/08/04 20:36:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2013/08/04 20:36:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2013/08/04 20:36:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2013/08/04 20:36:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2013/08/04 20:36:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2013/08/04 20:36:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2013/08/04 20:36:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2013/08/04 20:36:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2013/08/04 20:36:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2013/08/04 20:36:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2013/08/04 20:36:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2013/08/04 20:36:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2013/08/04 20:36:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2013/08/04 20:36:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2013/08/04 20:36:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2013/08/04 20:36:26 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2013/08/04 20:36:26 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2013/08/04 20:36:26 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2013/08/04 20:36:26 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2013/08/04 20:36:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2013/08/04 20:36:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2013/08/04 20:36:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2013/08/04 20:36:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2013/08/04 20:36:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2013/08/04 20:36:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2013/08/04 20:36:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2013/08/04 20:36:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2013/08/04 20:36:25 | 000,097,792 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2013/08/04 20:36:25 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2013/08/04 20:36:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2013/08/04 20:36:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2013/08/04 20:36:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2013/08/04 20:36:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2013/08/04 20:36:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2013/08/04 20:36:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2013/08/04 20:36:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2013/08/04 20:36:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2013/08/04 20:36:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2013/08/04 20:36:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2013/08/04 20:36:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2013/08/04 20:36:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2013/08/04 20:36:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2013/08/04 20:36:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2013/08/04 20:36:20 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2013/08/04 20:36:20 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2013/08/04 20:36:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2013/08/04 20:36:20 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2013/08/04 20:36:20 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2013/08/04 20:36:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2013/08/04 20:36:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2013/08/04 20:36:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2013/08/04 20:36:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2013/08/04 20:36:19 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2013/08/04 20:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2013/08/04 20:36:04 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2013/08/04 20:36:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2013/08/04 20:36:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2013/08/04 20:36:04 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2013/08/04 20:36:04 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2013/08/04 20:36:04 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2013/08/04 20:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2013/08/04 20:36:02 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2013/08/04 20:36:01 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2013/08/04 20:36:01 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2013/08/04 20:36:01 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2013/08/04 20:36:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2013/08/04 20:36:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2013/08/04 20:36:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2013/08/04 20:36:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2013/08/04 20:36:00 | 000,161,792 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2013/08/04 20:36:00 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2013/08/04 20:36:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2013/08/04 20:36:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2013/08/04 20:36:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2013/08/04 20:36:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2013/08/04 20:36:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2013/08/04 20:35:59 | 000,428,032 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2013/08/04 20:35:58 | 000,956,928 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2013/08/04 20:35:58 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2013/08/04 20:35:58 | 000,011,776 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2013/08/04 20:35:57 | 000,110,592 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2013/08/04 20:35:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2013/08/04 20:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2013/08/04 20:35:54 | 000,539,648 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2013/08/04 20:35:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2013/08/04 20:35:47 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2013/08/04 20:35:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2013/08/04 20:35:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2013/08/04 20:35:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/08/04 20:35:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/07 01:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/07 01:39:24 | 000,563,461 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Jane Doe\Desktop\JRT.exe
[2013/08/07 01:31:06 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Jane Doe\Desktop\esetsmartinstaller_enu.exe
[2013/08/07 01:29:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane Doe\Desktop\OTL.exe
[2013/08/07 01:27:24 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Desktop\AdwCleaner.exe
[2013/08/07 01:11:44 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/08/07 01:11:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/06 17:56:20 | 000,000,569 | -H-- | M] () -- C:\WINDOWS\System32\BTImages.dat
[2013/08/06 17:49:48 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/06 17:49:48 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/06 17:48:14 | 000,417,513 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/08/06 17:48:05 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/06 17:30:04 | 000,891,098 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Desktop\SecurityCheck.exe
[2013/08/06 17:19:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/05 21:57:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/05 20:57:25 | 005,100,695 | R--- | M] (Swearware) -- C:\Documents and Settings\Jane Doe\Desktop\cheese.exe
[2013/08/05 19:31:24 | 013,399,154 | ---- | M] () -- C:\Documents and Settings\Jane Doe\My Documents\mbar-1.06.0.1004.zip
[2013/08/05 19:07:50 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jane Doe\Desktop\tdsskiller.exe
[2013/08/05 15:34:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/05 12:43:59 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/05 12:34:50 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2013/08/05 12:04:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/08/05 12:04:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/08/05 11:58:36 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/05 11:22:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/08/05 11:21:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/08/05 10:55:44 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/05 03:44:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/05 03:44:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/05 03:34:38 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Desktop\DivX Movies.lnk
[2013/08/05 02:17:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2013/08/05 00:59:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/08/04 23:43:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/04 23:43:45 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/08/04 21:51:48 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2013/08/04 21:51:48 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2013/08/04 21:40:37 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2013/08/04 21:39:07 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
[2013/08/04 21:35:48 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013/08/04 21:29:00 | 000,063,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\Si3112r.PNF
[2013/08/04 21:29:00 | 000,020,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\INFCACHE.1
[2013/08/04 21:29:00 | 000,012,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\adpu320.PNF
[2013/08/04 21:29:00 | 000,012,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\nvraid.PNF
[2013/08/04 21:29:00 | 000,010,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\iaAHCI.PNF
[2013/08/04 21:29:00 | 000,009,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\iaStor.PNF
[2013/08/04 21:29:00 | 000,007,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\viamraid.PNF
[2013/08/04 21:29:00 | 000,006,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SiSRaid.PNF
[2013/08/04 20:53:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/08/04 20:50:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2013/08/04 20:46:41 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/08/04 20:40:19 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/08/04 20:40:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/08/04 20:40:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/08/04 20:40:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/08/04 20:40:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/08/04 20:40:07 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013/08/04 20:37:16 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/08/04 20:35:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/07 01:27:24 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Desktop\AdwCleaner.exe
[2013/08/06 17:56:20 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2013/08/06 17:46:40 | 000,417,513 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/08/06 17:30:04 | 000,891,098 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Desktop\SecurityCheck.exe
[2013/08/05 21:57:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/05 21:57:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/05 21:52:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/05 21:52:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/05 21:52:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/05 21:52:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/05 21:52:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/05 19:31:24 | 013,399,154 | ---- | C] () -- C:\Documents and Settings\Jane Doe\My Documents\mbar-1.06.0.1004.zip
[2013/08/05 15:34:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/05 12:34:50 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2013/08/05 11:21:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/08/05 11:15:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/08/05 11:15:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/08/05 04:28:44 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/05 03:44:42 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/05 03:34:38 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Desktop\DivX Movies.lnk
[2013/08/05 02:17:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2013/08/05 02:02:09 | 000,219,669 | ---- | C] () -- C:\WINDOWS\System32\nvdspchs.chm
[2013/08/05 02:02:09 | 000,213,493 | ---- | C] () -- C:\WINDOWS\System32\nvdspcht.chm
[2013/08/05 02:02:09 | 000,182,038 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2013/08/05 02:02:09 | 000,139,792 | ---- | C] () -- C:\WINDOWS\System32\nv3dcht.chm
[2013/08/05 02:02:09 | 000,134,133 | ---- | C] () -- C:\WINDOWS\System32\nv3dchs.chm
[2013/08/05 02:02:09 | 000,124,817 | ---- | C] () -- C:\WINDOWS\System32\nvcplcht.chm
[2013/08/05 02:02:09 | 000,124,229 | ---- | C] () -- C:\WINDOWS\System32\nvcplchs.chm
[2013/08/05 02:02:09 | 000,059,261 | ---- | C] () -- C:\WINDOWS\System32\nvmobcht.chm
[2013/08/05 02:02:09 | 000,058,607 | ---- | C] () -- C:\WINDOWS\System32\nvmobchs.chm
[2013/08/05 02:02:08 | 000,220,312 | ---- | C] () -- C:\WINDOWS\System32\nvdsptha.chm
[2013/08/05 02:02:08 | 000,210,720 | ---- | C] () -- C:\WINDOWS\System32\nvdsptrk.chm
[2013/08/05 02:02:08 | 000,206,105 | ---- | C] () -- C:\WINDOWS\System32\nvdspslv.chm
[2013/08/05 02:02:08 | 000,195,910 | ---- | C] () -- C:\WINDOWS\System32\nvdspsve.chm
[2013/08/05 02:02:08 | 000,137,045 | ---- | C] () -- C:\WINDOWS\System32\nv3dtha.chm
[2013/08/05 02:02:08 | 000,133,761 | ---- | C] () -- C:\WINDOWS\System32\nv3dtrk.chm
[2013/08/05 02:02:08 | 000,128,913 | ---- | C] () -- C:\WINDOWS\System32\nv3dslv.chm
[2013/08/05 02:02:08 | 000,128,148 | ---- | C] () -- C:\WINDOWS\System32\nvcpltha.chm
[2013/08/05 02:02:08 | 000,126,892 | ---- | C] () -- C:\WINDOWS\System32\nvcpltrk.chm
[2013/08/05 02:02:08 | 000,124,964 | ---- | C] () -- C:\WINDOWS\System32\nvcplslv.chm
[2013/08/05 02:02:08 | 000,122,675 | ---- | C] () -- C:\WINDOWS\System32\nvcplsve.chm
[2013/08/05 02:02:08 | 000,118,734 | ---- | C] () -- C:\WINDOWS\System32\nv3dsve.chm
[2013/08/05 02:02:08 | 000,059,225 | ---- | C] () -- C:\WINDOWS\System32\nvmobtha.chm
[2013/08/05 02:02:08 | 000,057,450 | ---- | C] () -- C:\WINDOWS\System32\nvmobtrk.chm
[2013/08/05 02:02:08 | 000,057,380 | ---- | C] () -- C:\WINDOWS\System32\nvmobslv.chm
[2013/08/05 02:02:08 | 000,055,693 | ---- | C] () -- C:\WINDOWS\System32\nvmobsve.chm
[2013/08/05 02:02:07 | 000,217,076 | ---- | C] () -- C:\WINDOWS\System32\nvdspsky.chm
[2013/08/05 02:02:07 | 000,214,210 | ---- | C] () -- C:\WINDOWS\System32\nvdsprus.chm
[2013/08/05 02:02:07 | 000,205,816 | ---- | C] () -- C:\WINDOWS\System32\nvdspplk.chm
[2013/08/05 02:02:07 | 000,194,380 | ---- | C] () -- C:\WINDOWS\System32\nvdspptg.chm
[2013/08/05 02:02:07 | 000,189,104 | ---- | C] () -- C:\WINDOWS\System32\nvdspptb.chm
[2013/08/05 02:02:07 | 000,130,245 | ---- | C] () -- C:\WINDOWS\System32\nv3dplk.chm
[2013/08/05 02:02:07 | 000,129,550 | ---- | C] () -- C:\WINDOWS\System32\nv3dptg.chm
[2013/08/05 02:02:07 | 000,129,499 | ---- | C] () -- C:\WINDOWS\System32\nv3dsky.chm
[2013/08/05 02:02:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\nv3drus.chm
[2013/08/05 02:02:07 | 000,126,105 | ---- | C] () -- C:\WINDOWS\System32\nvcplsky.chm
[2013/08/05 02:02:07 | 000,125,181 | ---- | C] () -- C:\WINDOWS\System32\nvcplrus.chm
[2013/08/05 02:02:07 | 000,124,078 | ---- | C] () -- C:\WINDOWS\System32\nvcplptb.chm
[2013/08/05 02:02:07 | 000,124,044 | ---- | C] () -- C:\WINDOWS\System32\nvcplptg.chm
[2013/08/05 02:02:07 | 000,124,019 | ---- | C] () -- C:\WINDOWS\System32\nvcplplk.chm
[2013/08/05 02:02:07 | 000,118,410 | ---- | C] () -- C:\WINDOWS\System32\nv3dptb.chm
[2013/08/05 02:02:07 | 000,057,545 | ---- | C] () -- C:\WINDOWS\System32\nvmobsky.chm
[2013/08/05 02:02:07 | 000,057,376 | ---- | C] () -- C:\WINDOWS\System32\nvmobplk.chm
[2013/08/05 02:02:07 | 000,057,339 | ---- | C] () -- C:\WINDOWS\System32\nvmobrus.chm
[2013/08/05 02:02:07 | 000,055,946 | ---- | C] () -- C:\WINDOWS\System32\nvmobptb.chm
[2013/08/05 02:02:07 | 000,055,845 | ---- | C] () -- C:\WINDOWS\System32\nvmobptg.chm
[2013/08/05 02:02:06 | 000,251,599 | ---- | C] () -- C:\WINDOWS\System32\nvdspjpn.chm
[2013/08/05 02:02:06 | 000,224,281 | ---- | C] () -- C:\WINDOWS\System32\nvdspkor.chm
[2013/08/05 02:02:06 | 000,201,378 | ---- | C] () -- C:\WINDOWS\System32\nvdspita.chm
[2013/08/05 02:02:06 | 000,189,364 | ---- | C] () -- C:\WINDOWS\System32\nvdspnld.chm
[2013/08/05 02:02:06 | 000,189,041 | ---- | C] () -- C:\WINDOWS\System32\nvdspnor.chm
[2013/08/05 02:02:06 | 000,144,421 | ---- | C] () -- C:\WINDOWS\System32\nv3djpn.chm
[2013/08/05 02:02:06 | 000,132,251 | ---- | C] () -- C:\WINDOWS\System32\nv3dkor.chm
[2013/08/05 02:02:06 | 000,129,704 | ---- | C] () -- C:\WINDOWS\System32\nvcpljpn.chm
[2013/08/05 02:02:06 | 000,124,741 | ---- | C] () -- C:\WINDOWS\System32\nvcplkor.chm
[2013/08/05 02:02:06 | 000,124,148 | ---- | C] () -- C:\WINDOWS\System32\nvcplita.chm
[2013/08/05 02:02:06 | 000,122,809 | ---- | C] () -- C:\WINDOWS\System32\nvcplnld.chm
[2013/08/05 02:02:06 | 000,121,053 | ---- | C] () -- C:\WINDOWS\System32\nv3dita.chm
[2013/08/05 02:02:06 | 000,120,026 | ---- | C] () -- C:\WINDOWS\System32\nvcplnor.chm
[2013/08/05 02:02:06 | 000,119,706 | ---- | C] () -- C:\WINDOWS\System32\nv3dnor.chm
[2013/08/05 02:02:06 | 000,118,401 | ---- | C] () -- C:\WINDOWS\System32\nv3dnld.chm
[2013/08/05 02:02:06 | 000,060,357 | ---- | C] () -- C:\WINDOWS\System32\nvmobjpn.chm
[2013/08/05 02:02:06 | 000,059,061 | ---- | C] () -- C:\WINDOWS\System32\nvmobkor.chm
[2013/08/05 02:02:06 | 000,056,175 | ---- | C] () -- C:\WINDOWS\System32\nvmobita.chm
[2013/08/05 02:02:06 | 000,055,525 | ---- | C] () -- C:\WINDOWS\System32\nvmobnor.chm
[2013/08/05 02:02:06 | 000,055,475 | ---- | C] () -- C:\WINDOWS\System32\nvmobnld.chm
[2013/08/05 02:02:05 | 000,207,116 | ---- | C] () -- C:\WINDOWS\System32\nvdspheb.chm
[2013/08/05 02:02:05 | 000,203,902 | ---- | C] () -- C:\WINDOWS\System32\nvdsphun.chm
[2013/08/05 02:02:05 | 000,197,555 | ---- | C] () -- C:\WINDOWS\System32\nvdspesm.chm
[2013/08/05 02:02:05 | 000,196,421 | ---- | C] () -- C:\WINDOWS\System32\nvdspesn.chm
[2013/08/05 02:02:05 | 000,195,677 | ---- | C] () -- C:\WINDOWS\System32\nvdspfin.chm
[2013/08/05 02:02:05 | 000,189,184 | ---- | C] () -- C:\WINDOWS\System32\nvdspfra.chm
[2013/08/05 02:02:05 | 000,182,024 | ---- | C] () -- C:\WINDOWS\System32\nvdspeng.chm
[2013/08/05 02:02:05 | 000,132,088 | ---- | C] () -- C:\WINDOWS\System32\nv3dheb.chm
[2013/08/05 02:02:05 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\nv3dhun.chm
[2013/08/05 02:02:05 | 000,126,196 | ---- | C] () -- C:\WINDOWS\System32\nvcplheb.chm
[2013/08/05 02:02:05 | 000,125,552 | ---- | C] () -- C:\WINDOWS\System32\nvcplhun.chm
[2013/08/05 02:02:05 | 000,124,544 | ---- | C] () -- C:\WINDOWS\System32\nvcplfin.chm
[2013/08/05 02:02:05 | 000,124,278 | ---- | C] () -- C:\WINDOWS\System32\nv3dfin.chm
[2013/08/05 02:02:05 | 000,124,138 | ---- | C] () -- C:\WINDOWS\System32\nvcplesm.chm
[2013/08/05 02:02:05 | 000,124,084 | ---- | C] () -- C:\WINDOWS\System32\nvcplesn.chm
[2013/08/05 02:02:05 | 000,122,227 | ---- | C] () -- C:\WINDOWS\System32\nvcplfra.chm
[2013/08/05 02:02:05 | 000,121,758 | ---- | C] () -- C:\WINDOWS\System32\nvcpleng.chm
[2013/08/05 02:02:05 | 000,119,315 | ---- | C] () -- C:\WINDOWS\System32\nv3dfra.chm
[2013/08/05 02:02:05 | 000,118,608 | ---- | C] () -- C:\WINDOWS\System32\nv3desm.chm
[2013/08/05 02:02:05 | 000,117,909 | ---- | C] () -- C:\WINDOWS\System32\nv3desn.chm
[2013/08/05 02:02:05 | 000,117,083 | ---- | C] () -- C:\WINDOWS\System32\nv3deng.chm
[2013/08/05 02:02:05 | 000,058,340 | ---- | C] () -- C:\WINDOWS\System32\nvmobheb.chm
[2013/08/05 02:02:05 | 000,057,512 | ---- | C] () -- C:\WINDOWS\System32\nvmobhun.chm
[2013/08/05 02:02:05 | 000,056,934 | ---- | C] () -- C:\WINDOWS\System32\nvmobfin.chm
[2013/08/05 02:02:05 | 000,056,087 | ---- | C] () -- C:\WINDOWS\System32\nvmobfra.chm
[2013/08/05 02:02:05 | 000,055,992 | ---- | C] () -- C:\WINDOWS\System32\nvmobesm.chm
[2013/08/05 02:02:05 | 000,055,669 | ---- | C] () -- C:\WINDOWS\System32\nvmobesn.chm
[2013/08/05 02:02:05 | 000,055,103 | ---- | C] () -- C:\WINDOWS\System32\nvmobeng.chm
[2013/08/05 02:02:04 | 000,220,768 | ---- | C] () -- C:\WINDOWS\System32\nvdspell.chm
[2013/08/05 02:02:04 | 000,197,544 | ---- | C] () -- C:\WINDOWS\System32\nvdspdeu.chm
[2013/08/05 02:02:04 | 000,188,707 | ---- | C] () -- C:\WINDOWS\System32\nvdspdan.chm
[2013/08/05 02:02:04 | 000,131,422 | ---- | C] () -- C:\WINDOWS\System32\nv3dell.chm
[2013/08/05 02:02:04 | 000,126,670 | ---- | C] () -- C:\WINDOWS\System32\nvcplell.chm
[2013/08/05 02:02:04 | 000,124,590 | ---- | C] () -- C:\WINDOWS\System32\nvcpldeu.chm
[2013/08/05 02:02:04 | 000,123,526 | ---- | C] () -- C:\WINDOWS\System32\nv3ddeu.chm
[2013/08/05 02:02:04 | 000,120,933 | ---- | C] () -- C:\WINDOWS\System32\nvcpldan.chm
[2013/08/05 02:02:04 | 000,118,926 | ---- | C] () -- C:\WINDOWS\System32\nv3ddan.chm
[2013/08/05 02:02:04 | 000,059,100 | ---- | C] () -- C:\WINDOWS\System32\nvmobell.chm
[2013/08/05 02:02:04 | 000,056,087 | ---- | C] () -- C:\WINDOWS\System32\nvmobdeu.chm
[2013/08/05 02:02:04 | 000,055,622 | ---- | C] () -- C:\WINDOWS\System32\nvmobdan.chm
[2013/08/05 02:02:03 | 000,219,156 | ---- | C] () -- C:\WINDOWS\System32\nvdspcsy.chm
[2013/08/05 02:02:03 | 000,200,405 | ---- | C] () -- C:\WINDOWS\System32\nvdspara.chm
[2013/08/05 02:02:03 | 000,181,895 | ---- | C] () -- C:\WINDOWS\System32\nvdsp.chm
[2013/08/05 02:02:03 | 000,128,958 | ---- | C] () -- C:\WINDOWS\System32\nv3dcsy.chm
[2013/08/05 02:02:03 | 000,128,544 | ---- | C] () -- C:\WINDOWS\System32\nv3dara.chm
[2013/08/05 02:02:03 | 000,125,735 | ---- | C] () -- C:\WINDOWS\System32\nvcplara.chm
[2013/08/05 02:02:03 | 000,124,067 | ---- | C] () -- C:\WINDOWS\System32\nvcplcsy.chm
[2013/08/05 02:02:03 | 000,121,529 | ---- | C] () -- C:\WINDOWS\System32\nvcpl.chm
[2013/08/05 02:02:03 | 000,116,384 | ---- | C] () -- C:\WINDOWS\System32\nv3d.chm
[2013/08/05 02:02:03 | 000,057,387 | ---- | C] () -- C:\WINDOWS\System32\nvmobcsy.chm
[2013/08/05 02:02:03 | 000,057,328 | ---- | C] () -- C:\WINDOWS\System32\nvmobara.chm
[2013/08/05 02:02:03 | 000,054,988 | ---- | C] () -- C:\WINDOWS\System32\nvmob.chm
[2013/08/05 02:02:03 | 000,018,818 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2013/08/05 01:04:25 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2013/08/05 01:04:25 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2013/08/05 01:04:25 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2013/08/05 01:04:25 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2013/08/05 01:04:24 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2013/08/05 01:04:24 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2013/08/05 01:04:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2013/08/05 01:04:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2013/08/05 01:04:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2013/08/05 01:04:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2013/08/05 01:04:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2013/08/05 01:04:24 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2013/08/05 01:04:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2013/08/05 01:04:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2013/08/05 01:04:24 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2013/08/05 01:04:24 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2013/08/05 01:04:24 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2013/08/05 01:04:23 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2013/08/05 01:04:23 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2013/08/05 01:04:23 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2013/08/05 01:04:23 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2013/08/05 01:04:23 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2013/08/05 01:04:23 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2013/08/05 01:04:23 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2013/08/05 01:04:23 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2013/08/05 01:04:23 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2013/08/05 01:04:23 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2013/08/05 01:04:23 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2013/08/05 01:04:23 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2013/08/05 01:04:23 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2013/08/05 01:04:23 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2013/08/05 01:04:22 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2013/08/05 01:04:22 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2013/08/05 01:04:22 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2013/08/05 01:04:22 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2013/08/05 01:04:22 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2013/08/05 01:04:22 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2013/08/05 01:04:22 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2013/08/05 01:04:22 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2013/08/05 01:04:22 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2013/08/05 01:04:22 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2013/08/05 01:04:22 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2013/08/05 01:04:22 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2013/08/05 01:04:22 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2013/08/05 01:04:22 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2013/08/05 01:04:22 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2013/08/05 01:04:22 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2013/08/05 01:04:22 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2013/08/05 01:04:22 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2013/08/05 01:04:22 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2013/08/05 01:04:22 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2013/08/05 01:04:22 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2013/08/05 01:04:22 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2013/08/05 01:04:22 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2013/08/05 01:04:21 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2013/08/05 01:04:21 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2013/08/05 01:04:21 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2013/08/05 01:04:21 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2013/08/05 01:04:21 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2013/08/05 01:04:21 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2013/08/05 01:04:21 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2013/08/05 01:04:21 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2013/08/05 01:04:21 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2013/08/05 01:04:21 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2013/08/05 01:04:20 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2013/08/05 01:04:20 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2013/08/05 01:04:20 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2013/08/05 01:04:20 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2013/08/05 01:04:20 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2013/08/05 01:04:19 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2013/08/05 01:04:19 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2013/08/05 01:04:19 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2013/08/05 01:04:19 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2013/08/05 01:04:19 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2013/08/05 01:04:19 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2013/08/05 01:04:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2013/08/05 01:04:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2013/08/05 01:04:19 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2013/08/05 01:04:19 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2013/08/05 01:04:19 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2013/08/05 00:59:24 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/08/05 00:59:23 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013/08/05 00:59:22 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/08/04 23:43:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/04 23:43:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/04 23:43:45 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/08/04 22:57:59 | 000,064,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/08/04 21:51:48 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2013/08/04 21:51:47 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2013/08/04 21:41:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013/08/04 21:39:06 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
[2013/08/04 21:39:05 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2013/08/04 21:35:48 | 000,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2013/08/04 21:29:00 | 000,063,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\Si3112r.PNF
[2013/08/04 21:29:00 | 000,020,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\INFCACHE.1
[2013/08/04 21:29:00 | 000,012,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\adpu320.PNF
[2013/08/04 21:29:00 | 000,012,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvraid.PNF
[2013/08/04 21:29:00 | 000,010,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaAHCI.PNF
[2013/08/04 21:29:00 | 000,009,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.PNF
[2013/08/04 21:29:00 | 000,007,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\viamraid.PNF
[2013/08/04 21:29:00 | 000,006,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SiSRaid.PNF
[2013/08/04 21:28:23 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/08/04 21:28:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/08/04 21:28:18 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2013/08/04 21:28:18 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2013/08/04 21:28:17 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2013/08/04 21:28:16 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2013/08/04 21:27:59 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013/08/04 21:27:48 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2013/08/04 21:27:48 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2013/08/04 21:27:48 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2013/08/04 21:27:48 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2013/08/04 21:27:48 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2013/08/04 21:27:48 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2013/08/04 21:27:48 | 000,007,506 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2013/08/04 21:27:48 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2013/08/04 21:26:44 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/04 21:25:55 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2013/08/04 21:25:52 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/08/04 20:53:32 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/08/04 20:51:42 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Jane Doe\Start Menu\Programs\Remote Assistance.lnk
[2013/08/04 20:50:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2013/08/04 20:46:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/04 20:46:04 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2013/08/04 20:45:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2013/08/04 20:45:45 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2013/08/04 20:45:44 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2013/08/04 20:45:43 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2013/08/04 20:45:36 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2013/08/04 20:45:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2013/08/04 20:45:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2013/08/04 20:43:29 | 000,017,638 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2013/08/04 20:43:29 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2013/08/04 20:40:19 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/08/04 20:40:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/08/04 20:40:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/08/04 20:40:19 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2013/08/04 20:40:19 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013/08/04 20:40:15 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/08/04 20:40:15 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/08/04 20:40:14 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2013/08/04 20:39:12 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2013/08/04 20:39:01 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2013/08/04 20:38:30 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2013/08/04 20:38:30 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2013/08/04 20:38:24 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2013/08/04 20:37:18 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2013/08/04 20:37:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/08/04 20:36:27 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2013/08/04 20:36:27 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2013/08/04 20:36:26 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2013/08/04 20:36:19 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
 
========== ZeroAccess Check ==========
 
[2013/08/04 20:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

[computer_is_dave]

OTL Extras logfile created on: 07/08/2013 01:48:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jane Doe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.82% Memory free
3.84 Gb Paging File | 3.42 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.34 Gb Free Space | 95.04% Space Free | Partition Type: NTFS
 
Computer Name: DAVE | User Name: Jane Doe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1004336348-602609370-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{253E469A-8F3D-487E-82C9-B9EB66044022}" = Wireless USB utility V1.01
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85a8b2e4-0070-4c50-b53e-d27366672d34}" = Nero 9 Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AE9EB1AB-3197-456B-9E84-3FC53B4B6E4B}" = ZoneAlarm Antivirus
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C47B36EC-0639-4462-A9CE-7809CF2F6100}" = ZoneAlarm Security
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4FB136D-2802-4578-A023-E7243BD0D7D5}" = ZoneAlarm Firewall
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"7-Zip" = 7-Zip 9.22beta
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 5.0.8
"DivX Setup" = DivX Setup
"DualCoreCenter_is1" = DualCoreCenter
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
 
========== Last 20 Event Log Errors ==========