
Serious problems, I can't get to delete the viruses


SLRS


Hello everyone, my antiviruses have been detecting many viruses that I thought were removed then, but when I try to verify that fact with another antivirus, I simply find out that the virus has already infected the other antivirus.

I am posting a log file from HijackThis. I could only find 1 weird line, written at the end, but I believe there are others; also, I don't even know how to remove what I have found. :)

Thanks in advance. :)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:25:01, on 11/16/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\S4League\patcher_s4.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Speccy\Speccy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 0

R3 - URLSearchHook: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O3 - Toolbar: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js

O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

O16 - DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} (connectionClub Control) - file:///C:/Documents%20and%20Settings/All%20Users/Application%20Data/Skype/Plugins/Plugins/263AF18BA8E6473194D1E386FDADB7DE/4USclub.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20) -

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} -

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: 05355 - Unknown owner - \\88.174.32.83\S$\wmsoft41354.exe (file missing)

O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: COM+ Event Service (SENSVC) - Unknown owner - C:\WINDOWS\system32\sensvc.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 8922 bytes

The following lines look weird in my eyes:

O23 - Service: 05355 - Unknown owner - \\88.174.32.83\S$\wmsoft41354.exe (file missing)


Hello SLRS

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Note: since it is in rar format, if you do not have anything that will open it, you can download 7-Zip and use it to extract the data. It can be found here:
  • Right click on the .rar file and choose extract files.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files, and Code Hooks.
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait till the scanner has finished, then go File > Save Report.
  • Save the report somewhere you can find it, typically your desktop. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Hello,

Sorry for the slow answer, here are the contents of the files you asked me for.

OTL

OTL logfile created on: 11/16/2010 10:39:52 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.53 Gb Total Space | 194.54 Gb Free Space | 42.06% Space Free | Partition Type: NTFS

Computer Name: SKYLINE | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\WINDOWS\system32\sensvc.exe ()

PRC - C:\WINDOWS\system32\PAStiSvc.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (wscsvc) -- C:\WINDOWS\System32\wscsvc.dll File not found

SRV - (Apache2.2) -- c:\xampp\apache\bin\apache.exe File not found

SRV - (05355) -- File not found

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()

SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()

SRV - (NetCMan) -- C:\WINDOWS\system32\netcman.dll (Microsoft Corporation)

SRV - (NOD32FiXTemDono) -- C:\WINDOWS\System32\regedt32.exe (Microsoft Corporation)

SRV - (SENSVC) -- C:\WINDOWS\system32\sensvc.exe ()

SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (XPADFL02) -- C:\WINDOWS\System32\DRIVERS\xpadfl02.sys File not found

DRV - (XDva370) -- C:\WINDOWS\System32\XDva370.sys File not found

DRV - (XDva363) -- C:\WINDOWS\System32\XDva363.sys File not found

DRV - (XDva362) -- C:\WINDOWS\System32\XDva362.sys File not found

DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found

DRV - (XDva358) -- C:\WINDOWS\System32\XDva358.sys File not found

DRV - (XDva354) -- C:\WINDOWS\System32\XDva354.sys File not found

DRV - (XDva352) -- C:\WINDOWS\System32\XDva352.sys File not found

DRV - (XDva351) -- C:\WINDOWS\System32\XDva351.sys File not found

DRV - (XDva349) -- C:\WINDOWS\System32\XDva349.sys File not found

DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found

DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found

DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found

DRV - (XDva342) -- C:\WINDOWS\System32\XDva342.sys File not found

DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found

DRV - (XDva337) -- C:\WINDOWS\System32\XDva337.sys File not found

DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found

DRV - (XDva328) -- C:\WINDOWS\System32\XDva328.sys File not found

DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys File not found

DRV - (scrcap) -- C:\WINDOWS\System32\DRIVERS\scrcap.sys File not found

DRV - (PAC207) -- C:\WINDOWS\System32\DRIVERS\pfc027.sys File not found

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found

DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found

DRV - (fgdxbus) -- C:\WINDOWS\System32\DRIVERS\fgdxbus.sys File not found

DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found

DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (LGII2CDevice) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()

DRV - (LGDDCDevice) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()

DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()

DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)

DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (FGXSCSI) -- C:\WINDOWS\system32\DRIVERS\fgxscsi.sys (FarStone Inc.)

DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)

DRV - (ASPI) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - HKLM\software\mozilla\lolifox 0.3.6\extensions\\Components: C:\Program Files\lolifox\components [2010/09/19 17:18:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\lolifox 0.3.6\extensions\\Plugins: C:\Program Files\lolifox\plugins [2010/07/11 15:13:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 23:00:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 18:24:38 | 000,000,000 | ---D | M]

[2010/03/21 13:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/03/21 13:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/02/08 19:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/11/16 03:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions

[2010/11/07 23:01:19 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2010/10/07 19:41:31 | 000,000,000 | ---D | M] (smscut Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}

[2010/06/25 11:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}

[2010/11/16 03:18:09 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

[2010/09/19 01:45:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/05/03 19:28:26 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2010/06/26 11:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

[2010/11/07 23:01:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/10/09 00:45:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/09/25 09:15:08 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

[2010/08/12 02:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-AU@dictionaries.addons.mozilla.org

[2010/08/12 02:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2010/08/12 02:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/10/07 19:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/09/25 09:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\foxyproxy@eric.h.jung

[2010/10/07 19:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\nl-NL@dictionaries.addons.mozilla.org

[2010/06/19 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\piclens@cooliris.com

[2010/06/19 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\piclens@cooliris.com-trash

[2010/07/24 01:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\runtime@panda3d.org

[2010/08/18 16:28:06 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\searchplugins\conduit.xml

[2010/11/16 03:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/31 18:24:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/18 19:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/28 09:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/03 10:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/10/27 07:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/27 07:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/05/28 09:32:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/07/11 15:12:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2009/11/10 02:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll

[2010/10/27 07:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/03/09 17:44:58 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/03/09 17:45:10 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/03/09 17:44:47 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/10/27 05:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/27 05:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/27 05:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/27 05:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/27 05:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/27 05:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/27 05:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/09/06 16:15:43 | 000,416,778 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14388 more lines...

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - No CLSID value found.

O3 - HKLM\..\Toolbar: (SYSTRAN Toolbar) - {95daa571-4def-4a6d-97d8-98a346672a24} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found

O4 - HKLM..\RunOnceEx: [Title] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 256

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: SYSTRAN Lookup - C:\Program Files\SYSTRAN\6\GUIres.dll ()

O8 - Extra context menu item: SYSTRAN Translate - C:\Program Files\SYSTRAN\6\GUIres.dll ()

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} file:///C:/Documents%20and%20Settings/All%20Users/Application%20Data/Skype/Plugins/Plugins/263AF18BA8E6473194D1E386FDADB7DE/4USclub.cab (connectionClub Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/24 16:38:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{010f148c-8dd6-11df-a4b0-001fd0245e62}\Shell\Auto\command - "" = K:\launcher.exe -- File not found

O33 - MountPoints2\{010f148c-8dd6-11df-a4b0-001fd0245e62}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{010f148c-8dd6-11df-a4b0-001fd0245e62}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/09/09 12:15:15 | 008,462,336 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 10:37:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/11/16 03:21:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/11/15 23:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\New Folder

[2010/11/14 11:26:02 | 000,000,000 | ---D | C] -- C:\ToolBar SD

[2010/11/14 11:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Noob account

[2010/11/12 14:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/12 14:58:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/12 14:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/12 14:50:34 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

[2010/11/12 14:50:19 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

[2010/11/12 14:49:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx

[2010/11/12 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2010/11/12 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2010/11/12 14:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2010

[2010/11/12 14:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules

[2010/11/11 14:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\MicroVolts

[2010/11/10 16:07:46 | 000,000,000 | ---D | C] -- C:\bb2a487c38577ce17440bb1c

[2010/11/09 23:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Gens32_Surreal_v1_86_HD

[2010/11/09 20:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\EndlessOnline

[2010/11/09 14:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Euro Truck Simulator

[2010/11/09 14:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LOTROEU_Enedwaith_EN_GB_Installer

[2010/11/09 13:07:32 | 000,000,000 | ---D | C] -- C:\Games

[2010/11/02 15:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SKIDROW

[2010/11/02 15:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre Studio X

[2010/11/02 15:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre Studio X

[2010/10/31 18:23:41 | 008,567,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.6.12.exe

[2010/10/18 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Protech1Inc

[2010/10/18 20:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\4USclub

[2010/10/18 20:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Earlybird_Applications

[2010/10/18 20:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Earlybird Applications

[2010/10/18 20:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Iteral

[2010/10/18 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\TalkAndWrite

[2010/10/18 20:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TalkAndWrite

[2010/10/18 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/10/18 19:40:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/10/18 19:25:20 | 000,955,784 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Administrator\Desktop\SkypeSetup.exe

[2010/10/18 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\PokerTH-0.8.1

[2010/10/18 19:16:10 | 019,837,920 | ---- | C] (www.pokerth.net) -- C:\Documents and Settings\Administrator\Desktop\PokerTH-0.8.1-windows-installer.exe

[2010/06/03 17:42:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2010/06/03 17:42:13 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 10:40:31 | 000,087,354 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\20071210_182632_rku37300509.rar

[2010/11/16 10:40:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41D25108-1454-446C-824C-299138AA2983}.job

[2010/11/16 10:37:50 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-500.job

[2010/11/16 10:37:49 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-113007714-1417001333-500.job

[2010/11/16 10:36:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/11/16 10:34:11 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{875AEC90-6EC8-4C97-A207-23F3807570FD}.job

[2010/11/16 10:33:34 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010/11/16 10:33:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-1003.job

[2010/11/16 10:33:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-1004.job

[2010/11/16 10:33:32 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-1008.job

[2010/11/16 10:32:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/16 10:32:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 03:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/16 00:48:55 | 004,824,898 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\05 Round Round.mp3

[2010/11/16 00:48:03 | 000,014,556 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\Folder.jpg

[2010/11/16 00:48:03 | 000,014,556 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Large.jpg

[2010/11/16 00:48:02 | 000,003,359 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArtSmall.jpg

[2010/11/16 00:48:02 | 000,003,359 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Small.jpg

[2010/11/16 00:38:44 | 001,127,134 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Break Up.mp3

[2010/11/16 00:38:23 | 005,654,656 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Far_East_Movement_-_Girls_On_the_Dancefloor.mp3

[2010/11/16 00:38:09 | 005,235,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Far East Movement - Boom Shake.mp3

[2010/11/15 14:54:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/15 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-113007714-1417001333-1003.job

[2010/11/15 13:30:42 | 000,115,033 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_153108.png

[2010/11/15 13:25:25 | 000,801,289 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_152533.png

[2010/11/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2010/11/13 20:23:36 | 001,343,489 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_13112010_222026.png

[2010/11/13 20:22:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2010/11/13 19:45:40 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/11/13 17:51:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010/11/13 04:23:51 | 000,002,725 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (7).nfo

[2010/11/12 21:49:14 | 000,134,261 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_224909.png

[2010/11/12 19:42:37 | 000,225,244 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_194246.jpg

[2010/11/12 19:25:33 | 000,224,451 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192539.jpg

[2010/11/12 19:24:23 | 000,224,213 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192416.jpg

[2010/11/12 19:22:23 | 000,231,704 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191245.jpg

[2010/11/12 19:22:23 | 000,230,107 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191243.jpg

[2010/11/12 19:22:22 | 000,239,700 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191239.jpg

[2010/11/12 19:22:22 | 000,229,191 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191241.jpg

[2010/11/12 17:53:38 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\keys.nfo

[2010/11/12 15:05:38 | 001,053,841 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\090923213102_6.jpg

[2010/11/12 14:58:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/12 14:50:35 | 000,642,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/12 14:50:34 | 000,134,100 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/12 14:48:38 | 001,374,669 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_154819.png

[2010/11/12 14:36:25 | 001,240,587 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\100401205643_7.jpg

[2010/11/11 14:12:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MicroVolts.lnk

[2010/11/11 01:56:36 | 001,174,956 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Craig Armstrong - World Trade Center Piano Theme.mp3

[2010/11/11 00:35:58 | 000,028,974 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (6).nfo

[2010/11/10 15:19:31 | 005,960,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\408c68474b546ed8a8b7debf2dba075a.mp3

[2010/11/10 15:18:35 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2729838_Red__Fight_Inside.mp3

[2010/11/09 23:14:21 | 005,992,703 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GenRoms.rar

[2010/11/09 23:12:46 | 002,318,499 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Gens32_Surreal_v1_86_HD.rar

[2010/11/09 22:26:05 | 000,154,126 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_09112010_232548.png

[2010/11/09 15:27:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-113007714-1417001333-1004.job

[2010/11/09 14:27:47 | 000,001,816 | ---- | M] () -- C:\WINDOWS\TSearch.INI

[2010/11/09 14:27:36 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Resume Download of The Lord of the Rings Online.url

[2010/11/09 05:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/11/09 01:29:24 | 019,657,194 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.1.4-win32.exe

[2010/11/07 20:41:21 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\untitled.bmp

[2010/11/07 14:52:00 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (5).nfo

[2010/11/06 22:58:23 | 000,013,287 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\20090125120218parabole.jpg

[2010/11/02 19:51:02 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CivilizationV.exe.lnk

[2010/11/02 15:32:45 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PhotoFiltre Studio X.lnk

[2010/11/01 15:22:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$rtificat de fin d.docx

[2010/10/31 23:40:17 | 000,048,844 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Could be better....JPG

[2010/10/31 23:26:14 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Info pour la preinscription.nfo

[2010/10/31 20:59:21 | 000,595,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225956.png

[2010/10/31 20:56:09 | 000,585,754 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225657.png

[2010/10/31 18:24:39 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/31 18:24:39 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/31 18:24:04 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.6.12.exe

[2010/10/31 16:57:35 | 000,011,742 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Certificat de fin d.docx

[2010/10/31 15:53:55 | 005,776,991 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\01 Hips Don't Lie (Instrumental).mp3

[2010/10/31 10:08:11 | 004,878,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\02 The Way You Make Me Feel.mp3

[2010/10/31 10:08:10 | 003,563,110 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\03 Jai Ho! (You Are My Destiny).mp3

[2010/10/31 10:07:30 | 000,010,598 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Large.jpg

[2010/10/31 10:07:29 | 000,002,920 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Small.jpg

[2010/10/31 09:38:26 | 000,015,212 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Large.jpg

[2010/10/31 09:38:24 | 000,003,652 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Small.jpg

[2010/10/31 05:01:43 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (4).nfo

[2010/10/22 14:45:29 | 003,849,455 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cheryl Cole Feat Will.i.am 3 Words.mp3

[2010/10/19 21:49:23 | 003,466,694 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\TutorialFace2.jpg

[2010/10/19 21:45:29 | 000,036,887 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Image.jpg

[2010/10/19 19:40:33 | 000,143,520 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101019_193818.jpg

[2010/10/19 17:30:43 | 003,538,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/18 20:18:14 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Setup Ayevoice for Skype.lnk

[2010/10/18 20:08:46 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WhiteBoardMeeting.lnk

[2010/10/18 20:07:22 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TalkAndWrite.lnk

[2010/10/18 19:25:13 | 000,955,784 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Administrator\Desktop\SkypeSetup.exe

[2010/10/18 19:16:21 | 019,837,920 | ---- | M] (www.pokerth.net) -- C:\Documents and Settings\Administrator\Desktop\PokerTH-0.8.1-windows-installer.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 10:40:31 | 000,087,354 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\20071210_182632_rku37300509.rar

[2010/11/16 00:48:03 | 000,014,556 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Large.jpg

[2010/11/16 00:48:03 | 000,003,359 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Small.jpg

[2010/11/16 00:38:35 | 001,127,134 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Break Up.mp3

[2010/11/16 00:38:14 | 005,654,656 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Far_East_Movement_-_Girls_On_the_Dancefloor.mp3

[2010/11/16 00:37:58 | 005,235,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Far East Movement - Boom Shake.mp3

[2010/11/16 00:36:31 | 004,824,898 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\05 Round Round.mp3

[2010/11/15 13:30:37 | 000,115,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_153108.png

[2010/11/15 13:25:07 | 000,801,289 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_152533.png

[2010/11/13 20:23:01 | 001,343,489 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_13112010_222026.png

[2010/11/13 04:23:45 | 000,002,725 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (7).nfo

[2010/11/12 21:49:12 | 000,134,261 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_224909.png

[2010/11/12 19:42:36 | 000,225,244 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_194246.jpg

[2010/11/12 19:25:31 | 000,224,451 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192539.jpg

[2010/11/12 19:24:22 | 000,224,213 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192416.jpg

[2010/11/12 19:22:19 | 000,239,700 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191239.jpg

[2010/11/12 19:22:19 | 000,231,704 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191245.jpg

[2010/11/12 19:22:19 | 000,230,107 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191243.jpg

[2010/11/12 19:22:19 | 000,229,191 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191241.jpg

[2010/11/12 17:51:10 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\keys.nfo

[2010/11/12 15:05:37 | 001,053,841 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\090923213102_6.jpg

[2010/11/12 14:58:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/12 14:48:23 | 001,374,669 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_154819.png

[2010/11/12 14:36:25 | 001,240,587 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\100401205643_7.jpg

[2010/11/11 14:12:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MicroVolts.lnk

[2010/11/11 01:56:33 | 001,174,956 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Craig Armstrong - World Trade Center Piano Theme.mp3

[2010/11/10 23:47:07 | 000,028,974 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (6).nfo

[2010/11/10 15:19:23 | 005,960,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\408c68474b546ed8a8b7debf2dba075a.mp3

[2010/11/10 15:18:34 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2729838_Red__Fight_Inside.mp3

[2010/11/09 23:13:07 | 005,992,703 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GenRoms.rar

[2010/11/09 23:12:14 | 002,318,499 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Gens32_Surreal_v1_86_HD.rar

[2010/11/09 22:26:02 | 000,154,126 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_09112010_232548.png

[2010/11/09 14:27:36 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Resume Download of The Lord of the Rings Online.url

[2010/11/09 01:29:12 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.1.4-win32.exe

[2010/11/07 20:40:38 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\untitled.bmp

[2010/11/07 14:32:19 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (5).nfo

[2010/11/06 22:58:22 | 000,013,287 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\20090125120218parabole.jpg

[2010/11/02 15:32:45 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PhotoFiltre Studio X.lnk

[2010/11/01 15:22:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$rtificat de fin d.docx

[2010/10/31 23:40:17 | 000,048,844 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Could be better....JPG

[2010/10/31 23:26:08 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Info pour la preinscription.nfo

[2010/10/31 20:58:25 | 000,595,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225956.png

[2010/10/31 20:55:27 | 000,585,754 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225657.png

[2010/10/31 13:31:34 | 000,011,742 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Certificat de fin d.docx

[2010/10/31 10:07:34 | 000,010,598 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Large.jpg

[2010/10/31 10:07:34 | 000,002,920 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Small.jpg

[2010/10/31 10:05:01 | 004,878,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\02 The Way You Make Me Feel.mp3

[2010/10/31 10:04:45 | 005,776,991 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\01 Hips Don't Lie (Instrumental).mp3

[2010/10/31 09:38:28 | 000,015,212 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Large.jpg

[2010/10/31 09:38:28 | 000,014,556 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\Folder.jpg

[2010/10/31 09:38:28 | 000,003,652 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Small.jpg

[2010/10/31 09:38:28 | 000,003,359 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArtSmall.jpg

[2010/10/31 09:26:26 | 003,563,110 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\03 Jai Ho! (You Are My Destiny).mp3

[2010/10/31 03:48:36 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (4).nfo

[2010/10/19 21:49:22 | 003,466,694 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\TutorialFace2.jpg

[2010/10/19 21:45:28 | 000,036,887 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Image.jpg

[2010/10/19 19:40:30 | 000,143,520 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101019_193818.jpg

[2010/10/18 22:40:26 | 000,039,906 | ---- | C] () -- C:\Image45.jpg

[2010/10/18 22:39:08 | 000,038,009 | ---- | C] () -- C:\Image19.jpg

[2010/10/18 20:18:14 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Setup Ayevoice for Skype.lnk

[2010/10/18 20:08:46 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WhiteBoardMeeting.lnk

[2010/10/18 20:07:23 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\emfxp.dll

[2010/10/18 20:07:23 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\unpdf.exe

[2010/10/18 20:07:22 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TalkAndWrite.lnk

[2010/10/18 19:40:06 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/10/07 04:07:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\microday08.dll

[2010/10/07 04:06:58 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\mypath0079.dll

[2010/10/07 04:06:58 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\MTX0CI.dll

[2010/09/25 12:14:07 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Current.prx

[2010/08/22 15:46:06 | 000,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/08/20 01:24:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2010/08/19 16:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2010/08/19 05:23:03 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2010/08/16 22:59:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

[2010/08/10 00:54:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2010/08/06 03:17:36 | 095,922,664 | ---- | C] () -- C:\Program Files\pcsx2-r1888.rar

[2010/07/20 04:28:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\np_plugin.dll

[2010/07/18 04:37:45 | 000,702,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/07/16 17:46:52 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\config.ini

[2010/07/01 21:43:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/06/25 11:39:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2010/06/16 17:47:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2010/06/16 15:23:29 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll

[2010/06/16 15:23:29 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll

[2010/06/16 15:23:29 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll

[2010/06/16 15:23:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll

[2010/06/15 18:29:52 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Converter.INI

[2010/06/03 17:42:14 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2010/06/03 17:42:14 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2010/06/03 17:42:13 | 009,602,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2010/05/31 16:25:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini

[2010/05/29 20:04:58 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll

[2010/05/24 15:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2010/05/23 12:46:38 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys

[2010/05/22 10:10:19 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll

[2010/05/22 08:52:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/05/15 18:33:21 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll

[2010/05/02 17:20:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\asr32312.dll

[2010/05/02 17:20:38 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini

[2010/05/02 17:19:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2010/04/18 11:49:03 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI

[2010/04/13 18:50:28 | 000,000,318 | ---- | C] () -- C:\WINDOWS\XTrapVa.INI

[2010/04/12 23:19:14 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys

[2010/03/21 12:06:45 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2010/02/26 20:25:53 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI

[2010/02/10 17:22:23 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2010/02/10 17:22:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2010/01/13 16:49:40 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2010/01/03 20:53:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/01 19:09:45 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/25 14:59:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/10/25 14:22:45 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/10/25 14:22:45 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/10/24 18:25:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/10/24 16:56:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2009/07/09 02:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll

[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll

[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll

[2008/04/14 11:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2007/08/21 19:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2006/11/01 07:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/11/01 07:52:38 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005/01/25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll

[2003/09/23 13:40:34 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/03/24 07:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Atrise

[2010/10/03 18:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk

[2010/06/27 07:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BITS

[2010/10/06 19:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitSpirit

[2010/10/06 23:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent

[2010/06/27 11:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools

[2009/10/25 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite

[2009/10/29 18:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro

[2010/08/14 16:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA

[2010/05/26 15:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DWGeditor

[2010/10/18 20:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Earlybird Applications

[2010/08/22 16:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FarStone

[2010/10/06 17:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FireShot

[2010/06/25 11:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashGet

[2010/06/25 11:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashGetBHO

[2010/02/05 19:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit

[2010/05/09 12:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software

[2010/06/26 13:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeAudioPack

[2010/07/27 12:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo

[2010/05/09 09:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

[2010/04/13 20:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hex-Rays

[2010/07/23 17:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ijjigame

[2010/05/26 22:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IM

[2010/08/16 00:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit

[2010/06/26 14:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\kyoku-senbi

[2010/05/04 09:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload

[2010/07/12 18:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MP-Manager

[2010/10/03 16:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth II Files

[2010/10/02 10:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files

[2010/04/21 16:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++

[2010/07/20 04:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PamBot

[2010/11/02 15:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre Studio X

[2010/06/20 22:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pokerth

[2010/06/10 06:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers

[2010/06/11 06:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony

[2010/06/10 09:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Creative Software

[2010/04/21 18:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steganos VPN

[2010/05/22 10:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion

[2010/08/21 18:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SYSTRAN

[2010/09/23 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer

[2009/10/26 19:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\The Creative Assembly

[2010/03/26 00:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft

[2010/08/13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue

[2010/09/21 23:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VDownloader

[2010/02/08 19:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vivox

[2010/03/24 07:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atrise

[2010/10/03 18:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/05/28 07:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bimesoft

[2010/10/04 12:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters

[2009/11/02 09:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2010/04/12 23:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2010/08/23 00:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2009/10/24 17:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010/10/06 17:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/02/05 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/06/29 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL

[2010/09/24 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon

[2010/09/24 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2010/08/20 03:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2010/11/09 14:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2010/07/14 12:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2010/08/01 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2010/08/11 16:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2010/06/10 06:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2010/03/17 09:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit

[2010/09/25 09:16:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore

[2010/08/21 18:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTRAN

[2010/10/18 20:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TalkAndWrite

[2010/08/14 04:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/26 00:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2010/03/03 20:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/11/09 05:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/11/16 03:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010/11/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

[2010/11/16 10:40:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{41D25108-1454-446C-824C-299138AA2983}.job

[2010/11/16 10:34:11 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{875AEC90-6EC8-4C97-A207-23F3807570FD}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:??????????

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BF268CC

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

Extras

OTL Extras logfile created on: 11/16/2010 10:39:52 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.53 Gb Total Space | 194.54 Gb Free Space | 42.06% Space Free | Partition Type: NTFS

Computer Name: SKYLINE | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- C:\PROGRA~1\LOLIFOX\LOLIFOX.EXE -requestPending -osint -url "%1" (kyoku:senbi)

https [open] -- C:\PROGRA~1\LOLIFOX\LOLIFOX.EXE -requestPending -osint -url "%1" (kyoku:senbi)

jsfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0x00000000

"AntiVirusDisableNotify" = 0x00000000

"FirewallDisableNotify" = 0x00000000

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"57570:TCP" = 57570:TCP:*:Enabled:Pando Media Booster

"57570:UDP" = 57570:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

"3306:TCP" = 3306:TCP:*:Disabled:MySQL Server

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"6881:TCP" = 6881:TCP:*:Disabled:MySQL Server

"57570:TCP" = 57570:TCP:*:Enabled:Pando Media Booster

"57570:UDP" = 57570:UDP:*:Enabled:Pando Media Booster

"3784:TCP" = 3784:TCP:188.248.14.124/255.255.255.255:Enabled:Abadi

"1042:TCP" = 1042:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsl TV (EXE) -- File not found

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:adsl TV (VLC) -- ()

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\Autodesk\3ds Max Design 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max Design 2010\3dsmax.exe:*:Disabled:Autodesk 3ds Max Design 2010 32-bit -- File not found

"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Disabled:backburner 2.3 manager -- File not found

"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Disabled:backburner 2.3 monitor -- File not found

"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Disabled:backburner 2.3 server -- File not found

"C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Disabled:mental ray satellite server for Autodesk 3ds Max Design 2010 32-bit -- File not found

"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Disabled:OF Dragon Rising -- File not found

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA -- File not found

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB -- File not found

"C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\FreeJackDownloader.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\FreeJackDownloader.exe:*:Disabled:PT2Downloader -- File not found

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)

"C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\FreeJackDownloader_0826.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\FreeJackDownloader_0826.exe:*:Enabled:PT2Downloader -- File not found

"C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.001\FreeJackDownloader_0826.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.001\FreeJackDownloader_0826.exe:*:Enabled:PT2Downloader -- File not found

"C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.002\FreeJackDownloader_0826.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.002\FreeJackDownloader_0826.exe:*:Enabled:PT2Downloader -- File not found

"C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.003\FreeJackDownloader_0826.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.003\FreeJackDownloader_0826.exe:*:Enabled:PT2Downloader -- File not found

"C:\Documents and Settings\SLRS\Local Settings\Temp\7ZipSfx.000\FreeJackDownloader_0826.exe" = C:\Documents and Settings\SLRS\Local Settings\Temp\7ZipSfx.000\FreeJackDownloader_0826.exe:*:Enabled:PT2Downloader -- (Game Bridger Inc)

"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Disabled:Battlefield: Bad Company


And, here is the Rootkit Unhooker report. :D

Report

RkUnhooker report generator v0.7

==============================================

Rootkit Unhooker kernel version: 3.7.300.509

==============================================

Windows Major Version: 5

Windows Minor Version: 1

Windows Build Number: 2600

==============================================

>Drivers

Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

Address: 0xB72DA000

Size: 10604544 bytes

Driver: C:\WINDOWS\System32\nv4_disp.dll

Address: 0xBD019000

Size: 6344704 bytes

Driver: C:\WINDOWS\system32\drivers\RtkHDAud.sys

Address: 0xB3ABA000

Size: 4911104 bytes

Driver: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000

Size: 2260992 bytes

Driver: PnpManager

Address: 0x804D7000

Size: 2260992 bytes

Driver: RAW

Address: 0x804D7000

Size: 2260992 bytes

Driver: WMIxWDM

Address: 0x804D7000

Size: 2260992 bytes

Driver: Win32k

Address: 0xBF800000

Size: 1847296 bytes

Driver: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000

Size: 1847296 bytes

Driver: PCI_PNP7740

Address: 0xF74E3000

Size: 995328 bytes

Driver: spfe.sys

Address: 0xF74E3000

Size: 995328 bytes

Driver: sptd

Address: 0xF74E3000

Size: 995328 bytes

Driver: Ntfs.sys

Address: 0xF7B52000

Size: 577536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Address: 0xB380F000

Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xB70B1000

Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xB3992000

Size: 364544 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xB2F0E000

Size: 335872 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000

Size: 286720 bytes

Driver: C:\WINDOWS\system32\DRIVERS\atksgt.sys

Address: 0xB3028000

Size: 274432 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0xB27BE000

Size: 266240 bytes

Driver: C:\WINDOWS\System32\Drivers\a71rvvvi.SYS

Address: 0xB7207000

Size: 221184 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xB710F000

Size: 196608 bytes

Driver: ACPI.sys

Address: 0xF749D000

Size: 188416 bytes

Driver: NDIS.sys

Address: 0xF7B25000

Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys

Address: 0xB3093000

Size: 180224 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xB184A000

Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xB387F000

Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Address: 0xB727A000

Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xB396A000

Size: 163840 bytes

Driver: dmio.sys

Address: 0xF7832000

Size: 155648 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xB391C000

Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xB3A96000

Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xB72A2000

Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xB723D000

Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xB38FA000

Size: 139264 bytes

Driver: ACPI_HAL

Address: 0x806FF000

Size: 134528 bytes

Driver: C:\WINDOWS\system32\hal.dll

Address: 0x806FF000

Size: 134528 bytes

Driver: fltMgr.sys

Address: 0xF7A2F000

Size: 131072 bytes

Driver: ftdisk.sys

Address: 0xF7858000

Size: 126976 bytes

Driver: Mup.sys

Address: 0xF7B0B000

Size: 106496 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

Address: 0xB7260000

Size: 106496 bytes

Driver: atapi.sys

Address: 0xF796F000

Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS

Address: 0xF74CB000

Size: 98304 bytes

Driver: KSecDD.sys

Address: 0xF7A18000

Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xB71F0000

Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xB2B39000

Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xB72C6000

Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xB39EB000

Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBD000000

Size: 73728 bytes

Driver: fgxscsi.sys

Address: 0xF795D000

Size: 73728 bytes

Driver: pci.sys

Address: 0xF748C000

Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys

Address: 0xB713F000

Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xF76F7000

Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xF7887000

Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys

Address: 0xF741C000

Size: 65536 bytes

Driver: ohci1394.sys

Address: 0xF75F7000

Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rspndr.sys

Address: 0xB7160000

Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serial.sys

Address: 0xB8796000

Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys

Address: 0xF76B7000

Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xB8706000

Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF7877000

Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xB2B8E000

Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xB8716000

Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS

Address: 0xF7607000

Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF7657000

Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xB8786000

Size: 53248 bytes

Driver: C:\WINDOWS\System32\Drivers\SCDEmu.SYS

Address: 0xF76C7000

Size: 53248 bytes

Driver: VolSnap.sys

Address: 0xF7637000

Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xB8766000

Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xF76D7000

Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF740C000

Size: 45056 bytes

Driver: MountMgr.sys

Address: 0xF7627000

Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xB8776000

Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

Address: 0xB8726000

Size: 40960 bytes

Driver: isapnp.sys

Address: 0xF7617000

Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xB8736000

Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xB8746000

Size: 40960 bytes

Driver: disk.sys

Address: 0xF7647000

Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Address: 0xF747C000

Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys

Address: 0xF742C000

Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xB8756000

Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys

Address: 0xF76A7000

Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Address: 0xF7697000

Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF77BF000

Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys

Address: 0xF77C7000

Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF7807000

Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Address: 0xF77A7000

Size: 28672 bytes

Driver: C:\WINDOWS\System32\LGDispDrv.dll

Address: 0xBD012000

Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Address: 0xF7707000

Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xF780F000

Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF7777000

Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF777F000

Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS

Address: 0xF7767000

Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xF77FF000

Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF77AF000

Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\AegisP.sys

Address: 0xF77DF000

Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Aspi32.SYS

Address: 0xF77E7000

Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys

Address: 0xB7CF7000

Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\lirsgt.sys

Address: 0xF77EF000

Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF77B7000

Size: 20480 bytes

Driver: PartMgr.sys

Address: 0xF770F000

Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xB7D07000

Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xB7CFF000

Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xB7D0F000

Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys

Address: 0xF77D7000

Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys

Address: 0xB3956000

Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\mbam.sys

Address: 0xB34E7000

Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xB8267000

Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Address: 0xB33DF000

Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys

Address: 0xB87A6000

Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7897000

Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xB3942000

Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys

Address: 0xB3962000

Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys

Address: 0xB395E000

Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xB86DE000

Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xB86E6000

Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\ws2ifsl.sys

Address: 0xB70A1000

Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF79C7000

Size: 8192 bytes

Driver: dmload.sys

Address: 0xF798B000

Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF79C5000

Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7987000

Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF79C9000

Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF79CB000

Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF79BB000

Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF79C1000

Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\WMILIB.SYS

Address: 0xF7989000

Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys

Address: 0xB86FC000

Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7AB5000

Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xB8704000

Size: 4096 bytes

Driver: pciide.sys

Address: 0xF7A4F000

Size: 4096 bytes

Driver: unknown_irp_handler

Address: 0x8B00E1F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8ACFE1F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8B0101F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8AD921F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8B0841F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8AE261F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8B00F1F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8ADF11F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8A7471F8

Size: 3592 bytes

Driver: unknown_irp_handler

Address: 0x8AE0C500

Size: 2816 bytes

Driver: unknown_irp_handler

Address: 0x8AE44500

Size: 2816 bytes

==============================================

>Stealth

==============================================

>Files

Suspect File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\Desktop.ini Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Application Data\Skype\My Skype Received Files\IMG_16112010_112722.png Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Application Data\Skype\slrs916\chatsync\86\864c0b01ee70dad0.dat Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\flowcode v3\Stuff i need to forget\[Nipponsei]_Witchblade_OP_Single_-_XTC_[Psychic_Lover]_(320_kbps)\[Nipponsei] Witchblade OP Single - XTC [Psychic Lover] (320 kbps)\Nipponsei - Witchblade OP.txtrumental).mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Particle_Forest_PointParticle_Fog_PS_fx_1227190444.obj.obj Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Particle_Forest_PointParticle_Fog_VS_fx_1231607202.obj.obj Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNNPS_SHDH_fx_1232704432.obj.obj Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvNNPS_fx_1230032226.obj16.ob

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvNNPS_SHDH_fx_1232704446.obj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvNNPS_SHD_fx_1230032232.objj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvPS_SHDH_fx_1232704456.objjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvPS_SHD_fx_1230032242.objjjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalMap2P_fx_1219744600.objjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalMap4S_fx_1219744596.objjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalMap_fx_1223473728.objobjb

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 8600 GT (729934)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalVertex_fx_1229447270.objb

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Particle_Forest_PointParticle_DBG_PS_fx_1227190444.objbjjjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Particle_Forest_PointParticle_Fog_PS_fx_1227190444.obj.obj Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Particle_Forest_PointParticle_Fog_VS_fx_1231607202.obj.obj Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNNPS_SHDH_fx_1232704432.objbjjjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvNNPS_fx_1230032226.obj16.ob

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvNNPS_SHDH_fx_1232704446.obj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvNNPS_SHD_fx_1230032232.objj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvPS_SHDH_fx_1232704456.objjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Plane_PlaneClassicNoSpecMapNoEnvPS_SHD_fx_1230032242.objjjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalMap2P_fx_1219744600.objjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalMap4S_fx_1219744596.objjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalMap_fx_1223473728.objbjjj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\PFiles\N3GT916\Programs\Games\PC Games\Tom Clancy's H.A.W.X\TitleDataRegion\CompiledShaders\NVIDIA GeForce 9800 GT (728427)\Data_Shaders_PC_Skinning_IlluminationPS_WithNormalVertex_fx_1229447270.objj

j Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\Schools\Schools and scholar ships in France\CV+ Lettre\~$CV.doc Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\Schools\Schools and scholar ships in France\CV+ Lettre\~$ttre de motivation.docx Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Desktop\Stuff to keep\Schools\Schools and scholar ships in France\CV+ Lettre\~WRL0001.tmp Status: Hidden


Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd4-iciness-ministration\meander-metaphysician.mp3mp33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd4-iciness-ministration\metaphysics-ministration.mp33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\ministry-mobocracy.mp33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\moccasin-moralist.mp333 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\morality-naphtha.mp3333 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\nondescript-oblivion.mp3mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\oblong-ocular.mp3ion.mp3mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\oculist-opportune.mp3mp3mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\ostracism-oversee.mp3on.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\papacy-passible.mp3p3on.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\passive-pellucid.mp33on.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\penalty-peremptory.mp3n.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\perennial-persuade.mp3n.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\philosophy-plagiarism.mp3mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\planisphere-polygamy.mp33mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\polyglot-prate.mp3my.mp33mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd5-ministry-preferable\prattle-preferable.mp3p33mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\pretext-proffer.mp3tural.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\propriety-provocation.mp3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\prowess-quadrate.mp3n.mp3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\quadruple-quibble.mp3.mp3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\quiescence-readjust.mp3p3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\ready-reconstruct.mp3p3p3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\recourse-refusal.mp33p3p3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\remodel-reproduction.mp33.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\reproof-reticent.mp3.mp33.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\retinue-rivulet.mp33.mp33.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\robust-sapience.mp33.mp33.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\sapient-seclude.mp33.mp33.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\seclusion-sentence.mp3p33.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\sentience-significant.mp3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\signification-solicitude.mp33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\soliloquy-spheroid.mp3de.mp33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd6-preference-statecraft\spherometer-statecraft.mp3p33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\subjacent-summary.mp3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\suspense-tangible.mp3.mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\tannery-termination.mp3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\terminus-tolerant.mp3p3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\tolerate-transitory.mp3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\translate-triad.mp3.mp3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\tribune-ulterior.mp3mp3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\ultimate-undulous.mp3p3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\unfavorable-usury.mp3p3p3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\venerable-vincible.mp3mp3 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\vindicate-voluptuous.mp33 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\My Documents\Downloads\English Tests Material (GRE, TOEFL, IELTS, General English Improving Material)\Vocabulary\English Vocabulary 5000 Ivy League\5000 Ivy League Vocabulary + pdf\cd7-static-zodiac\voracious-wittingly.mp333 Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Recent\20100320_cv.doc.lnk Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Recent\CV+ Lettre.lnk Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Recent\CV.doc.lnk Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Recent\Lettre de motivation.docx.lnk Status: Hidden

Suspect File: C:\Documents and Settings\Administrator\Recent\Viewed chapters suring this year.txt.lnk Status: Hidden

Suspect File: C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA Status: Hidden

Suspect File: C:\RECYCLER\S-1-5-21-1645522239-113007714-1417001333-500\Dc1.txt Status: Hidden

Suspect File: C:\sonicp.pid::$DATA Status: Hidden

==============================================

>Hooks

ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump at address 0x804DCB22 hook handler located in [ntoskrnl.exe]

[2224]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E42B3C6 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump at address 0x7E42D0A3 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump at address 0x7E456D7D hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump at address 0x7E432072 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump at address 0x7E43B144 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump at address 0x7E4247AB hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump at address 0x7E45085C hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump at address 0x7E450838 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump at address 0x7E43A082 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump at address 0x7E4664D5 hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E42820F hook handler located in [ieframe.dll]

[2224]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x7E42D5F3 hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump at address 0x7E42D0A3 hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump at address 0x7E456D7D hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump at address 0x7E432072 hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump at address 0x7E43B144 hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump at address 0x7E4247AB hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump at address 0x7E45085C hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump at address 0x7E450838 hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump at address 0x7E43A082 hook handler located in [ieframe.dll]

[2316]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump at address 0x7E4664D5 hook handler located in [ieframe.dll]

[2332]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]

[2832]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification at address 0x012570A0 hook handler located in [unknown_code_page]

[2832]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x012570A4 hook handler located in [unknown_code_page]


Out of curiosity, what was the virus name? Was it one name or multiple?

What antivirus was detecting it?

Sorry for the second post,

It was detected by NOD32, AVG, AntiVir, BitDefender, Avast and Ad-Aware.

Each time I used another one, it detected the virus inside the antivirus data of the previous one.


Ok please do the following:

Please download TFC by Old Timer.

  • Double-click TFC.exe to run the program. (If using Vista, please right-click and choose "Run as Administrator".)
  • Click the Start button.
  • Please reboot when prompted.

==============================================

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



I did everything besides the Kaspersky part: "0 [ERROR: Anti-virus database was updated after license expiry]". It reminds me as well that I used Kaspersky, and it did detect it too.

Once again, thanks for the help you are providing.


You are welcome :)

I need to see what is happening.

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect.
  5. Then click on Start Scan.
  6. When the scan is done no log will be produced.
  7. Click on the bottom where it says Report to open the report.
  8. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  9. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  10. You can save this on the desktop.
  11. Post the contents of the document in your next reply.

Note: This tool will self-uninstall when you close it, so please save the log before closing it.


Autoscan: stopped 30 minutes ago (events: 3, objects: 382, time: 00:15:53)

11/17/2010 03:28:39 Task started

11/17/2010 03:36:21 Detected: Trojan.Win32.Small.adhg C:\WINDOWS\system32\sensvc.exe

11/17/2010 03:44:33 Task stopped

Disinfect active threats: completed 4 minutes ago (events: 7, objects: 4670, time: 00:26:17)

11/17/2010 03:44:33 Task started

11/17/2010 03:44:33 Detected: Trojan.Win32.Small.adhg C:\WINDOWS\system32\sensvc.exe

11/17/2010 03:44:55 Deleted: Trojan.Win32.Small.adhg C:\WINDOWS\system32\sensvc.exe

11/17/2010 03:46:31 Detected: http://www.viruslist.com/en/advisories/41917 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

11/17/2010 03:57:13 Detected: http://www.viruslist.com/en/advisories/41656 C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe

11/17/2010 04:09:37 Detected: http://www.viruslist.com/en/advisories/41917 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

11/17/2010 04:10:50 Task completed


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - (05355) -- File not found
    SRV - (SENSVC) -- C:\WINDOWS\system32\sensvc.exe ()
    DRV - (XPADFL02) -- C:\WINDOWS\System32\DRIVERS\xpadfl02.sys File not found
    DRV - (XDva370) -- C:\WINDOWS\System32\XDva370.sys File not found
    DRV - (XDva363) -- C:\WINDOWS\System32\XDva363.sys File not found
    DRV - (XDva362) -- C:\WINDOWS\System32\XDva362.sys File not found
    DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
    DRV - (XDva358) -- C:\WINDOWS\System32\XDva358.sys File not found
    DRV - (XDva354) -- C:\WINDOWS\System32\XDva354.sys File not found
    DRV - (XDva352) -- C:\WINDOWS\System32\XDva352.sys File not found
    DRV - (XDva351) -- C:\WINDOWS\System32\XDva351.sys File not found
    DRV - (XDva349) -- C:\WINDOWS\System32\XDva349.sys File not found
    DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found
    DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found
    DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found
    DRV - (XDva342) -- C:\WINDOWS\System32\XDva342.sys File not found
    DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found
    DRV - (XDva337) -- C:\WINDOWS\System32\XDva337.sys File not found
    DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found
    DRV - (XDva328) -- C:\WINDOWS\System32\XDva328.sys File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    [2010/11/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job


    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

===============

Open OTL once more and click on Run scan at the top and post the log that opens.


Here is the Run Fix log

All processes killed

========== OTL ==========

Service 05355 stopped successfully!

Service 05355 deleted successfully!

File File not found not found.

Error: No service named SENSVC was found to stop!

Service\Driver key SENSVC not found.

File C:\WINDOWS\system32\sensvc.exe not found.

Service XPADFL02 stopped successfully!

Service XPADFL02 deleted successfully!

File C:\WINDOWS\System32\DRIVERS\xpadfl02.sys File not found not found.

Error: Unable to stop service XDva370!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XDva370 deleted successfully.

File C:\WINDOWS\System32\XDva370.sys File not found not found.

Service XDva363 stopped successfully!

Service XDva363 deleted successfully!

File C:\WINDOWS\System32\XDva363.sys File not found not found.

Service XDva362 stopped successfully!

Service XDva362 deleted successfully!

File C:\WINDOWS\System32\XDva362.sys File not found not found.

Service XDva359 stopped successfully!

Service XDva359 deleted successfully!

File C:\WINDOWS\System32\XDva359.sys File not found not found.

Service XDva358 stopped successfully!

Service XDva358 deleted successfully!

File C:\WINDOWS\System32\XDva358.sys File not found not found.

Service XDva354 stopped successfully!

Service XDva354 deleted successfully!

File C:\WINDOWS\System32\XDva354.sys File not found not found.

Service XDva352 stopped successfully!

Service XDva352 deleted successfully!

File C:\WINDOWS\System32\XDva352.sys File not found not found.

Service XDva351 stopped successfully!

Service XDva351 deleted successfully!

File C:\WINDOWS\System32\XDva351.sys File not found not found.

Service XDva349 stopped successfully!

Service XDva349 deleted successfully!

File C:\WINDOWS\System32\XDva349.sys File not found not found.

Service XDva347 stopped successfully!

Service XDva347 deleted successfully!

File C:\WINDOWS\System32\XDva347.sys File not found not found.

Service XDva346 stopped successfully!

Service XDva346 deleted successfully!

File C:\WINDOWS\System32\XDva346.sys File not found not found.

Service XDva343 stopped successfully!

Service XDva343 deleted successfully!

File C:\WINDOWS\System32\XDva343.sys File not found not found.

Service XDva342 stopped successfully!

Service XDva342 deleted successfully!

File C:\WINDOWS\System32\XDva342.sys File not found not found.

Service XDva341 stopped successfully!

Service XDva341 deleted successfully!

File C:\WINDOWS\System32\XDva341.sys File not found not found.

Service XDva337 stopped successfully!

Service XDva337 deleted successfully!

File C:\WINDOWS\System32\XDva337.sys File not found not found.

Service XDva332 stopped successfully!

Service XDva332 deleted successfully!

File C:\WINDOWS\System32\XDva332.sys File not found not found.

Service XDva328 stopped successfully!

Service XDva328 deleted successfully!

File C:\WINDOWS\System32\XDva328.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88f8c352-20c7-4051-aaa1-5466cd5e5f63} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.

C:\WINDOWS\Tasks\SmartDefrag.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 125424048 bytes

->Temporary Internet Files folder emptied: 232747391 bytes

->Java cache emptied: 128094 bytes

->FireFox cache emptied: 84156262 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 1256 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: SLRS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 422.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11172010_181052

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF683E.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6843.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6895.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF689A.tmp not found!

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SV0SBTVI\MsgrConfig[1].asmx moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IGXAPXMP\iframe[1].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IGXAPXMP\index[1].php moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IGXAPXMP\MsgrConfig[1].asmx moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3f4.dat not found!

Registry entries deleted on Reboot...

And here is the Run Scan log

OTL logfile created on: 11/17/2010 6:17:53 PM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.53 Gb Total Space | 188.13 Gb Free Space | 40.68% Space Free | Partition Type: NTFS

Drive N: | 7.46 Gb Total Space | 2.15 Gb Free Space | 28.82% Space Free | Partition Type: FAT32

Computer Name: SKYLINE | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\C665089E09A74A44B11CBE01878E1049\Contact Alarm.exe (Earlybird Applications)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\WINDOWS\system32\PAStiSvc.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (wscsvc) -- C:\WINDOWS\System32\wscsvc.dll File not found

SRV - (Apache2.2) -- c:\xampp\apache\bin\apache.exe File not found

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()

SRV - (NetCMan) -- C:\WINDOWS\system32\netcman.dll (Microsoft Corporation)

SRV - (NOD32FiXTemDono) -- C:\WINDOWS\System32\regedt32.exe (Microsoft Corporation)

SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (scrcap) -- C:\WINDOWS\System32\DRIVERS\scrcap.sys File not found

DRV - (PAC207) -- C:\WINDOWS\System32\DRIVERS\pfc027.sys File not found

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found

DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found

DRV - (fgdxbus) -- C:\WINDOWS\System32\DRIVERS\fgdxbus.sys File not found

DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found

DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (uti3mza3) -- C:\WINDOWS\system32\drivers\uti3mza3.sys ()

DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (LGII2CDevice) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()

DRV - (LGDDCDevice) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()

DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()

DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)

DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (FGXSCSI) -- C:\WINDOWS\system32\DRIVERS\fgxscsi.sys (FarStone Inc.)

DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)

DRV - (ASPI) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\lolifox 0.3.6\extensions\\Components: C:\Program Files\lolifox\components [2010/11/16 22:22:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\lolifox 0.3.6\extensions\\Plugins: C:\Program Files\lolifox\plugins [2010/11/16 22:22:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/16 22:22:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/16 22:22:05 | 000,000,000 | ---D | M]

[2010/03/21 13:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/02/08 19:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/11/17 03:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions

[2010/11/07 23:01:19 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2010/10/07 19:41:31 | 000,000,000 | ---D | M] (smscut Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}

[2010/06/25 11:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}

[2010/11/16 03:18:09 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

[2010/09/19 01:45:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/05/03 19:28:26 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2010/06/26 11:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

[2010/11/07 23:01:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/10/09 00:45:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/11/17 03:27:48 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

[2010/08/12 02:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-AU@dictionaries.addons.mozilla.org

[2010/08/12 02:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2010/08/12 02:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/10/07 19:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/09/25 09:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\foxyproxy@eric.h.jung

[2010/10/07 19:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\nl-NL@dictionaries.addons.mozilla.org

[2010/06/19 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\piclens@cooliris.com

[2010/06/19 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\piclens@cooliris.com-trash

[2010/07/24 01:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\extensions\runtime@panda3d.org

[2010/08/18 16:28:06 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rm822mek.default\searchplugins\conduit.xml

[2010/11/17 02:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/18 19:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/28 09:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/03 10:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/05/28 09:32:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/07/11 15:12:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009/11/10 02:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll

O1 HOSTS File: ([2010/09/06 16:15:43 | 000,416,778 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14388 more lines...

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88F8C352-20C7-4051-AAA1-5466CD5E5F63} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 256

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: SYSTRAN Lookup - C:\Program Files\SYSTRAN\6\GUIres.dll ()

O8 - Extra context menu item: SYSTRAN Translate - C:\Program Files\SYSTRAN\6\GUIres.dll ()

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} file:///C:/Documents%20and%20Settings/All%20Users/Application%20Data/Skype/Plugins/Plugins/263AF18BA8E6473194D1E386FDADB7DE/4USclub.cab (connectionClub Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/24 16:38:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{010f148c-8dd6-11df-a4b0-001fd0245e62}\Shell\Auto\command - "" = K:\launcher.exe -- File not found

O33 - MountPoints2\{010f148c-8dd6-11df-a4b0-001fd0245e62}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9598eb54-26fd-11df-a398-001fd0245e62}\Shell\AutoRun\command - "" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 18:10:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/17 07:50:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/11/16 22:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/16 22:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/16 22:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/11/16 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/11/16 22:20:53 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll

[2010/11/16 22:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/11/16 19:55:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe

[2010/11/16 15:48:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Desktop\Passport etc

[2010/11/16 15:46:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Desktop\IMPORTANT, KEEP FOR THE SCHOOL

[2010/11/16 15:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Final

[2010/11/16 10:37:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/11/15 23:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\New Folder

[2010/11/14 11:26:02 | 000,000,000 | ---D | C] -- C:\ToolBar SD

[2010/11/14 11:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Noob account

[2010/11/12 14:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/12 14:58:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/12 14:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/12 14:50:34 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

[2010/11/12 14:50:19 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

[2010/11/12 14:49:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx

[2010/11/12 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2010/11/12 14:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2010/11/12 14:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2010

[2010/11/12 14:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer

[2010/11/12 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules

[2010/11/11 14:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\MicroVolts

[2010/11/10 16:07:46 | 000,000,000 | ---D | C] -- C:\bb2a487c38577ce17440bb1c

[2010/11/09 23:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Gens32_Surreal_v1_86_HD

[2010/11/09 20:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\EndlessOnline

[2010/11/09 14:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Euro Truck Simulator

[2010/11/09 14:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LOTROEU_Enedwaith_EN_GB_Installer

[2010/11/09 13:07:32 | 000,000,000 | ---D | C] -- C:\Games

[2010/11/02 15:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SKIDROW

[2010/11/02 15:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre Studio X

[2010/11/02 15:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre Studio X

[2010/10/31 18:23:41 | 008,567,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.6.12.exe

[2010/10/18 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Protech1Inc

[2010/10/18 20:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\4USclub

[2010/10/18 20:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Earlybird_Applications

[2010/10/18 20:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Earlybird Applications

[2010/10/18 20:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Iteral

[2010/10/18 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\TalkAndWrite

[2010/10/18 20:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TalkAndWrite

[2010/10/18 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/10/18 19:40:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/10/18 19:25:20 | 000,955,784 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Administrator\Desktop\SkypeSetup.exe

[2010/10/18 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\PokerTH-0.8.1

[2010/10/18 19:16:10 | 019,837,920 | ---- | C] (www.pokerth.net) -- C:\Documents and Settings\Administrator\Desktop\PokerTH-0.8.1-windows-installer.exe

[2010/06/03 17:42:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2010/06/03 17:42:13 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 18:15:41 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-500.job

[2010/11/17 18:15:40 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010/11/17 18:15:40 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-1004.job

[2010/11/17 18:15:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-1003.job

[2010/11/17 18:15:40 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-113007714-1417001333-1008.job

[2010/11/17 18:15:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/17 18:10:21 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{875AEC90-6EC8-4C97-A207-23F3807570FD}.job

[2010/11/17 18:10:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41D25108-1454-446C-824C-299138AA2983}.job

[2010/11/17 14:40:04 | 000,181,332 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040449.jpg

[2010/11/17 14:40:04 | 000,180,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040707.jpg

[2010/11/17 14:39:59 | 000,180,989 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040514.jpg

[2010/11/17 14:39:52 | 000,182,473 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_041257.jpg

[2010/11/17 14:39:43 | 000,181,187 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040500.jpg

[2010/11/17 11:25:27 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-113007714-1417001333-500.job

[2010/11/17 04:03:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Text Document (10).nfo

[2010/11/17 03:47:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/11/17 03:26:07 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti3mza3.sys

[2010/11/16 22:21:56 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/11/16 19:55:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe

[2010/11/16 15:27:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-113007714-1417001333-1004.job

[2010/11/16 10:40:31 | 000,087,354 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\20071210_182632_rku37300509.rar

[2010/11/16 10:36:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/11/16 10:32:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/16 00:48:55 | 004,824,898 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\05 Round Round.mp3

[2010/11/16 00:48:03 | 000,014,556 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\Folder.jpg

[2010/11/16 00:48:03 | 000,014,556 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Large.jpg

[2010/11/16 00:48:02 | 000,003,359 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArtSmall.jpg

[2010/11/16 00:48:02 | 000,003,359 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Small.jpg

[2010/11/16 00:38:44 | 001,127,134 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Break Up.mp3

[2010/11/16 00:38:23 | 005,654,656 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Far_East_Movement_-_Girls_On_the_Dancefloor.mp3

[2010/11/16 00:38:09 | 005,235,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Far East Movement - Boom Shake.mp3

[2010/11/15 22:38:22 | 000,312,455 | ---- | M] () -- C:\S4_20101115_223821.jpg

[2010/11/15 22:00:28 | 000,323,680 | ---- | M] () -- C:\S4_20101115_220027.jpg

[2010/11/15 21:39:15 | 000,301,572 | ---- | M] () -- C:\S4_20101115_213914.jpg

[2010/11/15 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-113007714-1417001333-1003.job

[2010/11/15 13:30:42 | 000,115,033 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_153108.png

[2010/11/15 13:25:25 | 000,801,289 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_152533.png

[2010/11/13 20:23:36 | 001,343,489 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_13112010_222026.png

[2010/11/13 20:22:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2010/11/13 17:51:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010/11/13 04:23:51 | 000,002,725 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (7).nfo

[2010/11/12 21:49:14 | 000,134,261 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_224909.png

[2010/11/12 19:42:37 | 000,225,244 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_194246.jpg

[2010/11/12 19:25:33 | 000,224,451 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192539.jpg

[2010/11/12 19:24:23 | 000,224,213 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192416.jpg

[2010/11/12 19:22:23 | 000,231,704 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191245.jpg

[2010/11/12 19:22:23 | 000,230,107 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191243.jpg

[2010/11/12 19:22:22 | 000,239,700 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191239.jpg

[2010/11/12 19:22:22 | 000,229,191 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191241.jpg

[2010/11/12 17:53:38 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\keys.nfo

[2010/11/12 15:05:38 | 001,053,841 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\090923213102_6.jpg

[2010/11/12 14:58:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/12 14:50:35 | 000,642,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/12 14:50:34 | 000,134,100 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/12 14:48:38 | 001,374,669 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_154819.png

[2010/11/12 14:36:25 | 001,240,587 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\100401205643_7.jpg

[2010/11/11 14:12:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MicroVolts.lnk

[2010/11/11 01:56:36 | 001,174,956 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Craig Armstrong - World Trade Center Piano Theme.mp3

[2010/11/11 00:35:58 | 000,028,974 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (6).nfo

[2010/11/10 15:19:31 | 005,960,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\408c68474b546ed8a8b7debf2dba075a.mp3

[2010/11/10 15:18:35 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2729838_Red__Fight_Inside.mp3

[2010/11/09 23:14:21 | 005,992,703 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GenRoms.rar

[2010/11/09 23:12:46 | 002,318,499 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Gens32_Surreal_v1_86_HD.rar

[2010/11/09 22:26:05 | 000,154,126 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_09112010_232548.png

[2010/11/09 14:27:47 | 000,001,816 | ---- | M] () -- C:\WINDOWS\TSearch.INI

[2010/11/09 14:27:36 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Resume Download of The Lord of the Rings Online.url

[2010/11/09 05:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/11/09 01:29:24 | 019,657,194 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.1.4-win32.exe

[2010/11/08 11:24:12 | 000,012,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Microsoft Office Word Document.docx

[2010/11/08 11:21:00 | 000,015,963 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\59DEAB2Cd01.pdf

[2010/11/07 20:41:21 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\untitled.bmp

[2010/11/07 14:52:00 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (5).nfo

[2010/11/06 22:58:23 | 000,013,287 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\20090125120218parabole.jpg

[2010/11/02 19:51:02 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CivilizationV.exe.lnk

[2010/11/02 15:32:45 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PhotoFiltre Studio X.lnk

[2010/11/01 15:22:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$rtificat de fin d.docx

[2010/10/31 23:40:17 | 000,048,844 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Could be better....JPG

[2010/10/31 23:26:14 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Info pour la preinscription.nfo

[2010/10/31 20:59:21 | 000,595,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225956.png

[2010/10/31 20:56:09 | 000,585,754 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225657.png

[2010/10/31 18:24:39 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/31 18:24:39 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/31 18:24:04 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.6.12.exe

[2010/10/31 16:57:35 | 000,011,742 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Certificat de fin d.docx

[2010/10/31 15:53:55 | 005,776,991 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\01 Hips Don't Lie (Instrumental).mp3

[2010/10/31 10:08:11 | 004,878,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\02 The Way You Make Me Feel.mp3

[2010/10/31 10:08:10 | 003,563,110 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\03 Jai Ho! (You Are My Destiny).mp3

[2010/10/31 10:07:30 | 000,010,598 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Large.jpg

[2010/10/31 10:07:29 | 000,002,920 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Small.jpg

[2010/10/31 09:38:26 | 000,015,212 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Large.jpg

[2010/10/31 09:38:24 | 000,003,652 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Small.jpg

[2010/10/31 05:01:43 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (4).nfo

[2010/10/22 14:45:29 | 003,849,455 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cheryl Cole Feat Will.i.am 3 Words.mp3

[2010/10/19 21:49:23 | 003,466,694 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\TutorialFace2.jpg

[2010/10/19 21:45:29 | 000,036,887 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Image.jpg

[2010/10/19 19:40:33 | 000,143,520 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101019_193818.jpg

[2010/10/19 17:30:43 | 003,538,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/18 20:18:14 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Setup Ayevoice for Skype.lnk

[2010/10/18 20:08:46 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WhiteBoardMeeting.lnk

[2010/10/18 20:07:22 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TalkAndWrite.lnk

[2010/10/18 19:25:13 | 000,955,784 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Administrator\Desktop\SkypeSetup.exe

[2010/10/18 19:16:21 | 019,837,920 | ---- | M] (www.pokerth.net) -- C:\Documents and Settings\Administrator\Desktop\PokerTH-0.8.1-windows-installer.exe

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 14:36:35 | 000,182,473 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_041257.jpg

[2010/11/17 14:36:35 | 000,181,332 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040449.jpg

[2010/11/17 14:36:35 | 000,181,187 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040500.jpg

[2010/11/17 14:36:35 | 000,180,989 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040514.jpg

[2010/11/17 14:36:35 | 000,180,516 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20100918_040707.jpg

[2010/11/17 14:24:05 | 000,312,455 | ---- | C] () -- C:\S4_20101115_223821.jpg

[2010/11/17 14:23:52 | 000,323,680 | ---- | C] () -- C:\S4_20101115_220027.jpg

[2010/11/17 14:23:38 | 000,301,572 | ---- | C] () -- C:\S4_20101115_213914.jpg

[2010/11/17 04:03:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Text Document (10).nfo

[2010/11/17 03:26:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti3mza3.sys

[2010/11/16 22:21:56 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/11/16 15:48:32 | 000,015,963 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\59DEAB2Cd01.pdf

[2010/11/16 15:48:32 | 000,012,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Microsoft Office Word Document.docx

[2010/11/16 10:40:31 | 000,087,354 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\20071210_182632_rku37300509.rar

[2010/11/16 00:48:03 | 000,014,556 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Large.jpg

[2010/11/16 00:48:03 | 000,003,359 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{083FAEB2-71DC-4423-BFD6-76B7F132A56A}_Small.jpg

[2010/11/16 00:38:35 | 001,127,134 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Break Up.mp3

[2010/11/16 00:38:14 | 005,654,656 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Far_East_Movement_-_Girls_On_the_Dancefloor.mp3

[2010/11/16 00:37:58 | 005,235,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Far East Movement - Boom Shake.mp3

[2010/11/16 00:36:31 | 004,824,898 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\05 Round Round.mp3

[2010/11/15 13:30:37 | 000,115,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_153108.png

[2010/11/15 13:25:07 | 000,801,289 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_15112010_152533.png

[2010/11/13 20:23:01 | 001,343,489 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_13112010_222026.png

[2010/11/13 04:23:45 | 000,002,725 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (7).nfo

[2010/11/12 21:49:12 | 000,134,261 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_224909.png

[2010/11/12 19:42:36 | 000,225,244 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_194246.jpg

[2010/11/12 19:25:31 | 000,224,451 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192539.jpg

[2010/11/12 19:24:22 | 000,224,213 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_192416.jpg

[2010/11/12 19:22:19 | 000,239,700 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191239.jpg

[2010/11/12 19:22:19 | 000,231,704 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191245.jpg

[2010/11/12 19:22:19 | 000,230,107 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191243.jpg

[2010/11/12 19:22:19 | 000,229,191 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101112_191241.jpg

[2010/11/12 17:51:10 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\keys.nfo

[2010/11/12 15:05:37 | 001,053,841 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\090923213102_6.jpg

[2010/11/12 14:58:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/12 14:48:23 | 001,374,669 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_12112010_154819.png

[2010/11/12 14:36:25 | 001,240,587 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\100401205643_7.jpg

[2010/11/11 14:12:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MicroVolts.lnk

[2010/11/11 01:56:33 | 001,174,956 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Craig Armstrong - World Trade Center Piano Theme.mp3

[2010/11/10 23:47:07 | 000,028,974 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (6).nfo

[2010/11/10 15:19:23 | 005,960,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\408c68474b546ed8a8b7debf2dba075a.mp3

[2010/11/10 15:18:34 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2729838_Red__Fight_Inside.mp3

[2010/11/09 23:13:07 | 005,992,703 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GenRoms.rar

[2010/11/09 23:12:14 | 002,318,499 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Gens32_Surreal_v1_86_HD.rar

[2010/11/09 22:26:02 | 000,154,126 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_09112010_232548.png

[2010/11/09 14:27:36 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Resume Download of The Lord of the Rings Online.url

[2010/11/09 01:29:12 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.1.4-win32.exe

[2010/11/07 20:40:38 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\untitled.bmp

[2010/11/07 14:32:19 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (5).nfo

[2010/11/06 22:58:22 | 000,013,287 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\20090125120218parabole.jpg

[2010/11/02 15:32:45 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PhotoFiltre Studio X.lnk

[2010/11/01 15:22:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$rtificat de fin d.docx

[2010/10/31 23:40:17 | 000,048,844 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Could be better....JPG

[2010/10/31 23:26:08 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Info pour la preinscription.nfo

[2010/10/31 20:58:25 | 000,595,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225956.png

[2010/10/31 20:55:27 | 000,585,754 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_31102010_225657.png

[2010/10/31 13:31:34 | 000,011,742 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Certificat de fin d.docx

[2010/10/31 10:07:34 | 000,010,598 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Large.jpg

[2010/10/31 10:07:34 | 000,002,920 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{C03B257A-11B7-4E53-8564-B1EBB8EC9DEF}_Small.jpg

[2010/10/31 10:05:01 | 004,878,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\02 The Way You Make Me Feel.mp3

[2010/10/31 10:04:45 | 005,776,991 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\01 Hips Don't Lie (Instrumental).mp3

[2010/10/31 09:38:28 | 000,015,212 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Large.jpg

[2010/10/31 09:38:28 | 000,014,556 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\Folder.jpg

[2010/10/31 09:38:28 | 000,003,652 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArt_{19D50E8C-01BD-458E-8356-8718BCD5D955}_Small.jpg

[2010/10/31 09:38:28 | 000,003,359 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\AlbumArtSmall.jpg

[2010/10/31 09:26:26 | 003,563,110 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\03 Jai Ho! (You Are My Destiny).mp3

[2010/10/31 03:48:36 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New Text Document (4).nfo

[2010/10/19 21:49:22 | 003,466,694 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\TutorialFace2.jpg

[2010/10/19 21:45:28 | 000,036,887 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Image.jpg

[2010/10/19 19:40:30 | 000,143,520 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\S4_20101019_193818.jpg

[2010/10/18 22:40:26 | 000,039,906 | ---- | C] () -- C:\Image45.jpg

[2010/10/18 22:39:08 | 000,038,009 | ---- | C] () -- C:\Image19.jpg

[2010/10/18 20:18:14 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Setup Ayevoice for Skype.lnk

[2010/10/18 20:08:46 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WhiteBoardMeeting.lnk

[2010/10/18 20:07:23 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\emfxp.dll

[2010/10/18 20:07:23 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\unpdf.exe

[2010/10/18 20:07:22 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TalkAndWrite.lnk

[2010/10/18 19:40:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/10/07 04:07:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\microday08.dll

[2010/10/07 04:06:58 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\mypath0079.dll

[2010/10/07 04:06:58 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\MTX0CI.dll

[2010/09/25 12:14:07 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Current.prx

[2010/08/22 15:46:06 | 000,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/08/20 01:24:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2010/08/19 16:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2010/08/19 05:23:03 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2010/08/16 22:59:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

[2010/08/10 00:54:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2010/08/06 03:17:36 | 095,922,664 | ---- | C] () -- C:\Program Files\pcsx2-r1888.rar

[2010/07/20 04:28:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\np_plugin.dll

[2010/07/18 04:37:45 | 000,702,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/07/16 17:46:52 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\config.ini

[2010/07/01 21:43:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/06/25 11:39:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2010/06/16 17:47:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2010/06/16 15:23:29 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll

[2010/06/16 15:23:29 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll

[2010/06/16 15:23:29 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll

[2010/06/16 15:23:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll

[2010/06/15 18:29:52 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Converter.INI

[2010/06/03 17:42:14 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2010/06/03 17:42:14 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2010/06/03 17:42:13 | 009,602,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2010/05/31 16:25:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini

[2010/05/29 20:04:58 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll

[2010/05/24 15:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2010/05/23 12:46:38 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys

[2010/05/22 10:10:19 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll

[2010/05/22 08:52:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/05/15 18:33:21 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll

[2010/05/02 17:20:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\asr32312.dll

[2010/05/02 17:20:38 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini

[2010/05/02 17:19:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2010/04/18 11:49:03 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI

[2010/04/13 18:50:28 | 000,000,318 | ---- | C] () -- C:\WINDOWS\XTrapVa.INI

[2010/04/12 23:19:14 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys

[2010/03/21 12:06:45 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2010/02/26 20:25:53 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI

[2010/02/10 17:22:23 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2010/02/10 17:22:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2010/01/13 16:49:40 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2010/01/03 20:53:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/01 19:09:45 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/25 14:59:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/10/25 14:22:45 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/10/25 14:22:45 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/10/24 18:25:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/10/24 16:56:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2009/07/09 02:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll

[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll

[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll

[2008/04/14 11:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2007/08/21 19:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2006/11/01 07:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/11/01 07:52:38 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005/01/25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll

[2003/09/23 13:40:34 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:??????????

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BF268CC

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

Link to post
Share on other sites

Not right now, I will get Nod32 back and see how it goes, but I already have noticed that my Operating System runs alright now.

Thank you for the help, I will keep you informed concerning how it goes with Nod32.

I forgot to add that my HDD is sharing itself; each time I stop it, right after I restart my computer, it does share again.

Could that be caused by the viruses? I am expecting "wmsoft" to cause it.

Link to post
Share on other sites

You are welcome. :)

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - For some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
