Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with FAKE virus


  • This topic is locked This topic is locked
5 replies to this topic

#1 MarineGeneral

MarineGeneral

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 23 November 2009 - 09:37 PM

Hello everyone I'm new here,

Well I got an alarm notice from my anti-virus (avast pro). I knew it was a fake virus because it started with the typical screen scanning for viruses. So what I did was go into safe mode and access the msconfig to dsiabled whatever program i didn't regconize. Then I scan with Malwarebytes' Anti-Malware which found 1 infected file which was remove. Then I scan with SUPERAntiSpyware which also found 1 infected file and it was also remove. The last thing was to do a boot scan with avast anti-virus which found 3 infected files within quickbooks point of sale and dvdfab directories. After the boot scan I uninstalled both programs because I really don't use either and I used revo uninstaller (I think was the name).

Now after all that I still have no internet access unless I login as a different user.

I tried follow the instructions but DDS did not create any log for me. I did disabled my script blocking.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/23 21:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: awptyiw6.SYS
Image Path: C:\WINDOWS\System32\Drivers\awptyiw6.SYS
Address: 0xF70A4000 Size: 421888 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5B9F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AAD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP0830
Image Path: \Driver\PCI_NTPNP0830
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0ACF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\alfredo\local settings\temp\~df8c78.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\alfredo\local settings\temp\~dfa07a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab6b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xf15c561d

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5caba52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab14c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf749efb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf749f340

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xf15d66f0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab0f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf749f418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5cab8ae

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x857d21e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8547a790 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_CREATE]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_CLOSE]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_POWER]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: {8FF, IRP_MJ_PNP]
Process: System Address: 0x854fd1e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x85606790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x855e61e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x855fd790 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x857611e8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8542c460 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x857d41e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85591790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85591790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85591790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85591790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85591790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85591790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x851e91e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_CREATE]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_CLOSE]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_READ]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_CLEANUP]
Process: System Address: 0x8546c790 Size: 121

Object: Hidden Code [Driver: Cdfsȅ౨瑎晦܂╚ੈ, IRP_MJ_PNP]
Process: System Address: 0x8546c790 Size: 121

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xf15c5270

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xf15c52c0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xf15c5380

==EOF==

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:39 PM

Posted 24 November 2009 - 08:25 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 MarineGeneral

MarineGeneral
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 24 November 2009 - 10:50 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report

  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



Hello Sam my name is Alfredo

OTL only seem to create one log from the scan
also I just notice two iexplore running but I've only open one

OTL logfile created on: 11/24/2009 10:23:46 AM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\ALFREDO\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

958.42 Mb Total Physical Memory | 570.48 Mb Available Physical Memory | 59.52% Memory free
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.39% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 22.88 Gb Free Space | 39.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 482.30 Mb Total Space | 64.33 Mb Free Space | 13.34% Space Free | Partition Type: FAT

Computer Name: ALPHA
Current User Name: ALFREDO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/24 10:17:44 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALFREDO\Desktop\OTL.exe
PRC - [2009/10/28 00:39:52 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/05/03 09:48:46 | 00,307,200 | ---- | M] (ta2027) -- C:\Program Files\Styler\Styler.exe
PRC - [2005/03/11 17:33:28 | 00,147,456 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/03/08 02:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/11/15 17:20:28 | 00,689,248 | ---- | M] (Zone Labs Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2003/11/15 17:19:40 | 00,824,408 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 10:17:44 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALFREDO\Desktop\OTL.exe
MOD - [2009/09/15 06:55:49 | 00,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:56 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006/05/02 04:10:50 | 00,053,248 | ---- | M] (ta2027) -- C:\Program Files\Styler\StylerHelper.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/11/15 17:19:40 | 00,824,408 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - [2009/10/27 04:48:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/27 04:19:31 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/15 06:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 06:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 06:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/09/15 06:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 06:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/04 14:50:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/10/18 01:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/08/24 12:08:36 | 00,237,312 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/12/16 12:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)
DRV - [2004/02/23 21:21:22 | 00,611,441 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/11 23:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/10 02:21:16 | 00,004,224 | R--- | M] (ABIT Computer Corp.) -- C:\WINDOWS\system32\drivers\AC2003.sys -- (AC2003)
DRV - [2003/11/15 17:19:28 | 00,228,160 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 07:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-507921405-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-220523388-507921405-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-220523388-507921405-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220523388-507921405-725345543-1003\S-1-5-21-220523388-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-220523388-507921405-725345543-1003\S-1-5-21-220523388-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-220523388-507921405-725345543-1003\S-1-5-21-220523388-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C D8 95 05 1C 69 CA 01 [binary data]
IE - HKU\S-1-5-21-220523388-507921405-725345543-1004\S-1-5-21-220523388-507921405-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/10/28 00:40:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/31 02:02:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 18:42:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/30 01:02:46 | 00,000,000 | ---D | M]

[2009/10/31 18:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALFREDO\Application Data\Mozilla\Extensions
[2009/10/31 18:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALFREDO\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/18 15:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALFREDO\Application Data\Mozilla\Firefox\Profiles\f4r0z8o5.default\extensions
[2009/11/02 00:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ALFREDO\Application Data\Mozilla\Firefox\Profiles\f4r0z8o5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 18:42:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 18:42:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/16 15:08:14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/16 15:08:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/16 15:08:16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/16 12:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 12:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 12:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 12:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 12:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 12:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 12:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Inc.)
O4 - HKU\S-1-5-21-220523388-507921405-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-220523388-507921405-725345543-1003..\Run: [cdloader] C:\Documents and Settings\ALFREDO\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-220523388-507921405-725345543-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-220523388-507921405-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-220523388-507921405-725345543-1004..\Run: [cdloader] C:\Documents and Settings\Daniel\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Documents and Settings\ALFREDO\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\ALFREDO\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-507921405-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1256628285386 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256628276432 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/27 03:07:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f7f570b-c944-11de-9b2b-0019215a2947}\Shell\AutoRun\command - "" = J:\podcastready.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\H\Shell\phone\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/27 03:06:58 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173478272663552)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 10:22:15 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALFREDO\Desktop\OTL.exe
[2009/11/23 21:19:03 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\ALFREDO\Desktop\RootRepeal.exe
[2009/11/23 07:59:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/23 05:00:53 | 05,893,592 | -H-- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\IconCache.db
[2009/11/20 19:57:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Desktop\ALREADY CALLED
[2009/11/20 19:57:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Desktop\JOBS TO CALL
[2009/11/18 22:03:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Desktop\Ramdom Files
[2009/11/18 21:35:58 | 00,022,316 | ---- | C] () -- C:\WINDOWS\Fonts\LCD.ttf
[2009/11/18 21:35:58 | 00,021,572 | ---- | C] () -- C:\WINDOWS\Fonts\Vdj.ttf
[2009/11/18 21:35:49 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/11/18 21:35:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\VirtualDJ
[2009/11/18 19:23:06 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 11:53:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ALFREDO\Recent
[2009/11/18 11:29:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\tjnet
[2009/11/11 15:28:50 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/11/11 15:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/11/11 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/11/11 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/11/06 09:32:37 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/11/05 20:04:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/11/03 01:09:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\Wondershare DVD Ripper Platinum
[2009/11/03 01:08:45 | 00,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2009/11/03 00:49:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\CyberLink
[2009/11/03 00:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\AnyDVDHD
[2009/11/03 00:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/03 00:45:22 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/11/03 00:30:44 | 00,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2009/11/02 23:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\DVDFab
[2009/11/02 22:45:29 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/11/02 22:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/11/02 22:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/11/01 10:07:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\7.ULTIMATE
[2009/11/01 00:29:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/11/01 00:16:07 | 00,000,000 | ---D | C] -- C:\Program Files\CITIZEN SYSTEMS JAPAN
[2009/10/31 23:31:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\REGISTRY BACKUPS
[2009/10/31 18:42:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\Mozilla
[2009/10/31 18:42:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Mozilla
[2009/10/31 18:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/29 14:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\intuit
[2009/10/29 14:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2009/10/29 14:16:34 | 01,933,312 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf251.dll
[2009/10/29 13:58:18 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\fusioncache.dat
[2009/10/29 13:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/10/29 13:58:00 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/29 13:57:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/29 13:57:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Intuit
[2009/10/29 13:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2009/10/29 13:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2009/10/29 13:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\ApplicationHistory
[2009/10/29 13:51:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/29 13:48:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/29 13:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2009/10/29 13:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Download Manager
[2009/10/29 13:30:54 | 00,000,000 | ---D | C] -- C:\Program Files\Akamai
[2009/10/29 11:49:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\store videos
[2009/10/29 11:48:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/29 11:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/29 11:48:04 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/29 11:47:13 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/10/29 11:47:13 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/10/29 11:47:13 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/29 11:47:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/10/29 11:47:13 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/10/29 11:47:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/10/29 11:47:13 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/10/29 11:47:13 | 00,000,000 | ---D | C] -- C:\c98b09ff1f82be2be59c
[2009/10/29 11:38:58 | 00,035,196 | ---- | C] () -- C:\WINDOWS\Fonts\AdvHC39c.ttf
[2009/10/29 11:38:58 | 00,001,409 | ---- | C] () -- C:\WINDOWS\Fonts\AdvHC39c.fot
[2009/10/29 11:38:26 | 00,133,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcans32.dll
[2009/10/29 11:38:26 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcuia32.dll
[2009/10/29 11:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Retail ICE
[2009/10/29 11:35:07 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/29 11:34:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/29 11:31:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\AdobeUM
[2009/10/29 11:31:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\Adobe
[2009/10/29 11:31:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\My eBooks
[2009/10/29 11:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/10/29 10:52:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/29 10:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/10/29 10:50:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2009/10/29 08:35:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/29 08:35:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/10/28 22:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\ImgBurn
[2009/10/28 22:15:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\Downloads
[2009/10/28 22:13:10 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/10/28 22:12:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\uTorrent
[2009/10/28 19:49:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\movie downloads
[2009/10/28 14:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\WORD
[2009/10/28 13:24:49 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\vso_ts_preview.xml
[2009/10/28 13:15:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\SonicStage
[2009/10/28 13:12:11 | 00,090,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\snymsico.dll
[2009/10/28 13:12:11 | 00,038,951 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMDUSB.sys
[2009/10/28 13:12:11 | 00,036,679 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMD052.sys
[2009/10/28 13:12:11 | 00,036,232 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMD033.sys
[2009/10/28 13:12:11 | 00,035,319 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMD031.sys
[2009/10/28 13:11:51 | 00,770,048 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUISony.dll
[2009/10/28 13:11:50 | 00,655,360 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControlSony.dll
[2009/10/28 13:11:50 | 00,589,824 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbMusicIDSony.dll
[2009/10/28 13:11:50 | 00,073,728 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLinkSony.dll
[2009/10/28 13:11:49 | 01,329,912 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/10/28 13:11:49 | 00,498,424 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/10/28 13:11:49 | 00,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/10/28 13:11:49 | 00,183,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/10/28 13:11:49 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/10/28 13:11:49 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/10/28 13:11:49 | 00,116,472 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/10/28 13:11:49 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/10/28 13:11:49 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/10/28 13:11:49 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/10/28 13:11:49 | 00,039,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/10/28 13:11:49 | 00,036,624 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/10/28 13:11:49 | 00,002,560 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/10/28 13:11:49 | 00,002,432 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/10/28 13:11:48 | 00,527,096 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/10/28 13:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/10/28 13:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/10/28 13:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/10/28 13:09:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Sony Corporation
[2009/10/28 10:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Styler
[2009/10/28 10:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Styler
[2009/10/28 10:03:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/28 10:01:48 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.uxtender
[2009/10/28 01:56:50 | 00,315,392 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009/10/28 01:56:48 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/10/28 01:56:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/10/28 01:56:48 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2009/10/28 01:56:48 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL
[2009/10/28 01:56:47 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/10/28 01:56:47 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/10/28 01:56:47 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/10/28 01:56:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\FreeFLVConverter
[2009/10/28 01:56:47 | 00,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2009/10/28 00:40:23 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/28 00:40:17 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/28 00:40:17 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/28 00:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/28 00:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/10/28 00:39:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/10/28 00:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/28 00:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Real
[2009/10/27 14:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\mjusbsp
[2009/10/27 14:41:01 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/10/27 14:41:01 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/10/27 14:40:52 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/10/27 14:40:52 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/10/27 14:20:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\software
[2009/10/27 14:15:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/27 14:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/10/27 13:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\Ahead
[2009/10/27 12:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Ahead
[2009/10/27 12:56:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/10/27 12:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/10/27 12:53:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/10/27 12:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/10/27 12:53:26 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/10/27 12:53:23 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/10/27 12:16:04 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/10/27 12:09:28 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/10/27 12:09:28 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/10/27 12:09:27 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/10/27 12:09:27 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/10/27 12:09:27 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/10/27 12:09:26 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/10/27 12:09:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/10/27 12:09:24 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/10/27 12:08:56 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/10/27 12:08:27 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/10/27 12:07:48 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/10/27 12:07:22 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/10/27 12:07:19 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/10/27 12:07:15 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/10/27 12:07:11 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/10/27 12:06:12 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/10/27 12:05:20 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/10/27 12:05:18 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/10/27 12:05:17 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/10/27 12:04:45 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/10/27 12:04:38 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/10/27 12:04:22 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/10/27 12:04:19 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/10/27 12:02:02 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ALFREDO\IECompatCache
[2009/10/27 12:01:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ALFREDO\PrivacIE
[2009/10/27 12:00:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ALFREDO\IETldCache
[2009/10/27 11:58:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/27 11:57:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/27 11:56:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/27 11:54:37 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/27 11:54:25 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/10/27 11:54:25 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/10/27 11:54:25 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/27 11:54:24 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/10/27 11:54:23 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/27 11:54:21 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/10/27 11:51:37 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/10/27 11:51:36 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/10/27 11:49:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/27 11:42:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/10/27 11:42:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/27 11:42:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/10/27 11:42:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/27 11:37:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/10/27 06:13:19 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/10/27 06:13:13 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/10/27 06:13:03 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/10/27 06:12:54 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/10/27 06:12:47 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/10/27 06:12:47 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/10/27 06:12:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/10/27 06:12:25 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/10/27 06:12:24 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/10/27 06:12:24 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/10/27 06:12:07 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/10/27 06:12:06 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/10/27 06:12:01 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/10/27 06:11:59 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/10/27 06:11:57 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/10/27 06:11:53 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/10/27 06:11:52 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/10/27 06:11:52 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/10/27 06:11:46 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/10/27 06:11:38 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/10/27 06:11:24 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/10/27 06:11:24 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/10/27 06:11:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/10/27 06:11:22 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/10/27 06:11:22 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/10/27 06:11:21 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/10/27 06:11:21 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/10/27 06:11:18 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/10/27 06:11:18 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/10/27 06:10:46 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/10/27 06:10:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/10/27 06:10:45 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/10/27 06:10:45 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/10/27 06:10:26 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/10/27 06:10:25 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/10/27 06:10:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/10/27 06:10:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/10/27 06:10:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/10/27 06:10:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/10/27 06:10:20 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/10/27 06:10:20 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2009/10/27 06:10:03 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/10/27 06:10:02 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/10/27 06:09:33 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/10/27 06:09:33 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/10/27 06:09:33 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/10/27 06:09:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/10/27 06:09:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/10/27 06:09:32 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/10/27 06:09:32 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/10/27 06:09:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/10/27 06:09:28 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/10/27 06:09:28 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/10/27 06:09:27 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/10/27 06:09:27 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/10/27 06:09:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/10/27 06:09:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/10/27 06:09:27 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/10/27 06:09:25 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/10/27 06:09:25 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/10/27 06:09:23 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/10/27 06:09:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/10/27 06:09:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/10/27 06:09:15 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/10/27 06:09:10 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/10/27 05:44:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/27 05:44:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/27 05:44:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/10/27 05:38:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Adobe
[2009/10/27 05:38:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Macromedia
[2009/10/27 05:34:05 | 00,000,000 | ---D | C] -- C:\Program Files\S3
[2009/10/27 05:25:23 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/10/27 05:25:21 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/10/27 05:25:20 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2009/10/27 05:25:19 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/10/27 05:25:18 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/10/27 05:25:17 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/10/27 05:25:16 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/10/27 05:25:14 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/10/27 05:25:13 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/10/27 05:25:12 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/10/27 05:25:11 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/10/27 05:24:13 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/10/27 05:24:13 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/10/27 05:24:12 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/10/27 04:59:21 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/10/27 04:59:08 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2009/10/27 04:48:49 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.log
[2009/10/27 04:48:40 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\inst.exe
[2009/10/27 04:48:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/27 04:48:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.sys
[2009/10/27 04:48:40 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.cat
[2009/10/27 04:48:40 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.inf
[2009/10/27 04:48:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Vso
[2009/10/27 04:48:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\PcSetup
[2009/10/27 04:48:33 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/10/27 04:48:33 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/27 04:48:33 | 00,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2009/10/27 04:48:33 | 00,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2009/10/27 04:48:33 | 00,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2009/10/27 04:48:33 | 00,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2009/10/27 04:48:32 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\gdiplus.dll
[2009/10/27 04:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/10/27 04:46:59 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2009/10/27 04:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player
[2009/10/27 04:46:16 | 00,397,312 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTovrlay.dll
[2009/10/27 04:46:16 | 00,262,144 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTInfo2.dll
[2009/10/27 04:46:16 | 00,237,312 | ---- | C] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\System32\drivers\vtmini.sys
[2009/10/27 04:46:16 | 00,147,456 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTTrayp.exe
[2009/10/27 04:46:16 | 00,053,248 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\VTTimer.exe
[2009/10/27 04:46:15 | 01,875,968 | ---- | C] (VIA/S3 Graphics, Inc.) -- C:\WINDOWS\System32\vticd.dll
[2009/10/27 04:46:15 | 00,581,632 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTDisply.dll
[2009/10/27 04:46:15 | 00,360,448 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTGamma2.dll
[2009/10/27 04:46:14 | 03,495,808 | ---- | C] (VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\System32\vtdisp.dll
[2009/10/27 04:46:14 | 00,025,600 | R--- | C] (VIA) -- C:\WINDOWS\System32\VModes.exe
[2009/10/27 04:45:42 | 00,000,000 | ---D | C] -- C:\drivers
[2009/10/27 04:40:50 | 00,132,192 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vspubapi.dll
[2009/10/27 04:40:50 | 00,099,416 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsxml.dll
[2009/10/27 04:40:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/27 04:40:50 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/10/27 04:40:49 | 00,228,160 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdatant.sys
[2009/10/27 04:40:49 | 00,111,712 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/10/27 04:40:18 | 00,279,648 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil.dll
[2009/10/27 04:40:18 | 00,074,848 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsinit.dll
[2009/10/27 04:40:18 | 00,070,752 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdata.dll
[2009/10/27 04:40:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/10/27 04:38:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/27 04:34:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2009/10/27 04:34:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/10/27 04:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/10/27 04:33:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/27 04:33:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\SUPERAntiSpyware.com
[2009/10/27 04:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/27 04:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/27 04:32:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Malwarebytes
[2009/10/27 04:32:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 04:32:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 04:32:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 04:32:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/27 04:31:26 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/27 04:31:25 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/27 04:31:24 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/27 04:31:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/27 04:31:22 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/27 04:31:22 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/27 04:31:22 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/27 04:31:22 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/27 04:31:01 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/27 04:31:01 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/10/27 04:31:01 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll
[2009/10/27 04:31:01 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.dll
[2009/10/27 04:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/27 04:29:25 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ALFREDO\My Documents\My Videos
[2009/10/27 04:28:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/10/27 04:27:09 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/10/27 04:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Codec Pack - All In 1
[2009/10/27 04:23:52 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2009/10/27 04:20:12 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/10/27 04:19:58 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/10/27 04:17:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/27 04:16:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/10/27 04:16:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/10/27 04:14:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/10/27 04:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\Microsoft Help
[2009/10/27 04:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/27 04:13:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/10/27 04:13:29 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/10/27 04:11:00 | 00,004,224 | R--- | C] (ABIT Computer Corp.) -- C:\WINDOWS\System32\drivers\AC2003.sys
[2009/10/27 04:10:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\My Documents\CyberLink
[2009/10/27 04:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/10/27 04:09:48 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/27 04:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/10/27 04:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/27 04:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\The Playa
[2009/10/27 04:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\XviD
[2009/10/27 04:09:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\quicktime
[2009/10/27 04:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\NimoCodec Pack
[2009/10/27 04:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/10/27 04:09:02 | 00,000,000 | ---D | C] -- C:\Program Files\DivXCodec
[2009/10/27 04:07:34 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/27 03:24:00 | 00,069,608 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 03:23:03 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/10/27 03:22:21 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/10/27 03:11:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2009/10/27 03:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2009/10/27 03:11:27 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/10/27 03:11:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Application Data\Identities
[2009/10/27 03:11:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ALFREDO\My Documents\My Music
[2009/10/27 03:11:19 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/10/27 03:11:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ALFREDO\My Documents\My Pictures
[2009/10/27 03:11:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\desktop.ini
[2009/10/27 03:11:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\Microsoft
[2009/10/27 03:11:14 | 00,000,000 | --SD | C] -- C:\Documents and Settings\ALFREDO\Application Data\Microsoft
[2009/10/27 03:11:14 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ALFREDO\SendTo
[2009/10/27 03:11:14 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ALFREDO\Application Data
[2009/10/27 03:11:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ALFREDO\Start Menu
[2009/10/27 03:11:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ALFREDO\My Documents
[2009/10/27 03:11:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ALFREDO\Favorites
[2009/10/27 03:11:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ALFREDO\Cookies
[2009/10/27 03:11:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ALFREDO\Templates
[2009/10/27 03:11:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ALFREDO\PrintHood
[2009/10/27 03:11:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ALFREDO\NetHood
[2009/10/27 03:11:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ALFREDO\Local Settings
[2009/10/27 03:11:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ALFREDO\Desktop
[2009/10/27 03:10:28 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/27 03:10:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/27 03:09:13 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/10/27 03:09:13 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/10/27 03:09:13 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/10/27 03:09:12 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/10/27 03:09:12 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/10/27 03:09:12 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/10/27 03:09:11 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/10/27 03:09:11 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/10/27 03:09:10 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/10/27 03:09:09 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/10/27 03:09:09 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/10/27 03:09:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/10/27 03:09:09 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/10/27 03:09:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/10/27 03:09:09 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/10/27 03:09:07 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/10/27 03:09:07 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/10/27 03:09:06 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/10/27 03:09:05 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/10/27 03:09:05 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/10/27 03:09:05 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/10/27 03:09:05 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/10/27 03:09:05 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/10/27 03:09:04 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/10/27 03:09:04 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/10/27 03:09:04 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/10/27 03:09:03 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/10/27 03:09:02 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/10/27 03:09:01 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/10/27 03:09:01 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/10/27 03:09:01 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/10/27 03:09:00 | 00,431,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsvc.dll
[2009/10/27 03:09:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/10/27 03:09:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2009/10/27 03:08:59 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/10/27 03:08:59 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/10/27 03:08:59 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/10/27 03:08:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/10/27 03:08:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/10/27 03:08:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/10/27 03:08:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/10/27 03:08:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/10/27 03:08:59 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/10/27 03:08:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/10/27 03:08:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/10/27 03:08:58 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/10/27 03:08:58 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/10/27 03:08:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/10/27 03:08:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/10/27 03:08:58 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/10/27 03:08:58 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/10/27 03:08:56 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2009/10/27 03:08:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/10/27 03:08:55 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/27 03:08:55 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/27 03:08:55 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/10/27 03:08:55 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2009/10/27 03:08:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/10/27 03:08:53 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/10/27 03:08:53 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/10/27 03:08:52 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/10/27 03:08:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/10/27 03:08:52 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/10/27 03:08:51 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/10/27 03:08:51 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/10/27 03:08:50 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/10/27 03:08:50 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/10/27 03:08:50 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/10/27 03:08:50 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/10/27 03:08:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/10/27 03:08:49 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/10/27 03:08:49 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/10/27 03:08:49 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/10/27 03:08:49 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/10/27 03:08:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/10/27 03:08:48 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/10/27 03:08:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/10/27 03:08:47 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/10/27 03:08:46 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/10/27 03:08:45 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/10/27 03:08:42 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/10/27 03:08:42 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/10/27 03:08:38 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/10/27 03:08:38 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/10/27 03:08:37 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/10/27 03:08:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/10/27 03:08:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/10/27 03:08:35 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/10/27 03:08:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/10/27 03:08:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/10/27 03:08:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/10/27 03:08:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/10/27 03:08:34 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/10/27 03:08:34 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/10/27 03:08:34 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/10/27 03:08:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/10/27 03:08:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/10/27 03:08:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/10/27 03:08:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/10/27 03:08:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/10/27 03:08:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/10/27 03:08:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/10/27 03:08:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/10/27 03:08:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/10/27 03:08:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/10/27 03:08:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/10/27 03:08:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/10/27 03:08:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/10/27 03:08:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/10/27 03:08:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/10/27 03:08:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/10/27 03:08:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/10/27 03:08:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/10/27 03:08:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/10/27 03:08:31 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/10/27 03:08:31 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/10/27 03:08:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/10/27 03:08:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/10/27 03:08:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/10/27 03:08:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/10/27 03:08:31 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/10/27 03:08:30 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/10/27 03:08:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/10/27 03:08:29 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/10/27 03:08:29 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/10/27 03:08:29 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/10/27 03:08:28 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/10/27 03:08:28 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/10/27 03:08:28 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/10/27 03:08:28 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/10/27 03:08:28 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/10/27 03:08:28 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/10/27 03:08:28 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/10/27 03:08:28 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/10/27 03:08:28 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/10/27 03:08:27 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/10/27 03:08:27 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/10/27 03:08:27 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/10/27 03:08:27 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/10/27 03:08:27 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/10/27 03:08:27 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/10/27 03:08:27 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/10/27 03:08:27 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/10/27 03:08:27 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/10/27 03:08:26 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/10/27 03:08:26 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/10/27 03:08:26 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/10/27 03:08:26 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/10/27 03:08:26 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/10/27 03:08:26 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/10/27 03:08:22 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/10/27 03:08:15 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/10/27 03:08:14 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/10/27 03:08:13 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/10/27 03:08:13 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/10/27 03:08:12 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/10/27 03:08:12 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/10/27 03:08:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/10/27 03:08:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/10/27 03:08:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/10/27 03:08:10 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/27 03:08:10 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/27 03:08:10 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/10/27 03:08:10 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/10/27 03:08:09 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/10/27 03:08:09 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/27 03:08:06 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/10/27 03:08:05 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/10/27 03:08:05 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/10/27 03:08:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/10/27 03:08:05 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/10/27 03:08:05 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/10/27 03:08:03 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/10/27 03:08:03 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/10/27 03:08:03 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/10/27 03:08:03 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/10/27 03:08:03 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/10/27 03:08:02 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/10/27 03:08:02 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/10/27 03:08:02 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/10/27 03:08:02 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/10/27 03:08:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/10/27 03:08:01 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/10/27 03:08:01 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/27 03:08:01 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/10/27 03:08:00 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/10/27 03:08:00 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/10/27 03:08:00 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/10/27 03:07:59 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2009/10/27 03:07:59 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/10/27 03:07:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/10/27 03:07:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/10/27 03:07:59 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/10/27 03:07:57 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/10/27 03:07:57 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/10/27 03:07:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/10/27 03:07:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/10/27 03:07:54 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2009/10/27 03:07:54 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2009/10/27 03:07:49 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/10/27 03:07:49 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/10/27 03:07:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/10/27 03:07:49 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/10/27 03:07:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/10/27 03:07:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/10/27 03:07:45 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/10/27 03:07:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/10/27 03:07:42 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/10/27 03:07:42 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/27 03:07:12 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/10/27 03:06:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/27 03:06:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2009/10/27 03:06:30 | 00,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/10/27 03:06:21 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/10/27 03:06:21 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/10/27 03:05:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/10/27 03:05:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/10/27 03:05:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/10/27 03:05:44 | 01,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009/10/27 03:05:44 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2009/10/27 03:05:44 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009/10/27 03:05:41 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/10/27 03:05:40 | 00,319,551 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2009/10/27 03:05:40 | 00,163,906 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2009/10/27 03:05:40 | 00,110,657 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2009/10/27 03:05:40 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/10/27 03:05:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/10/27 03:05:24 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/10/27 03:05:24 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/10/27 03:05:24 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/10/27 03:05:24 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2009/10/27 03:05:24 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009/10/27 03:05:23 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2009/10/27 03:05:22 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009/10/27 03:05:22 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2009/10/27 03:05:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2009/10/27 03:05:14 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2009/10/27 03:05:13 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/10/27 03:05:13 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2009/10/27 03:05:13 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009/10/27 03:05:13 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2009/10/27 03:05:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/10/27 03:05:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/10/27 03:05:12 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2009/10/27 03:05:12 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/10/27 03:05:12 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/10/27 03:05:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/10/27 03:05:12 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/10/27 03:05:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/10/27 03:05:12 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2009/10/27 03:05:12 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2009/10/27 03:05:11 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2009/10/27 03:05:11 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/10/27 03:05:09 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009/10/27 03:05:08 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/10/27 03:05:08 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/10/27 03:05:08 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2009/10/27 03:05:08 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009/10/27 03:05:08 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009/10/27 03:05:08 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009/10/27 03:05:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2009/10/27 03:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/10/27 03:05:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/10/27 03:05:06 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009/10/27 03:05:06 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/10/27 03:05:02 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009/10/27 03:05:02 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009/10/27 03:05:02 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/10/27 03:05:02 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/10/27 03:05:02 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/10/27 03:05:01 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/10/27 03:05:01 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/10/27 03:05:01 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/10/27 03:05:01 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/10/27 03:05:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009/10/27 03:05:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2009/10/27 03:05:00 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009/10/27 03:05:00 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2009/10/27 03:05:00 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2009/10/27 03:05:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/10/27 03:04:59 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2009/10/27 03:04:59 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2009/10/27 03:04:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2009/10/27 03:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/10/27 03:04:55 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2009/10/27 03:04:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/10/27 03:04:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/10/27 03:04:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/10/27 03:04:52 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/10/27 03:04:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/27 03:04:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/10/27 03:04:20 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/10/27 03:04:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/10/27 03:04:07 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/10/27 03:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/10/27 03:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/10/27 03:03:55 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/10/27 03:03:55 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/10/27 03:03:55 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/10/27 03:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/27 03:03:54 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/10/27 03:03:54 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/10/27 03:03:54 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/10/27 03:03:54 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/10/27 03:03:54 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/10/27 03:03:54 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/10/27 03:03:54 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/10/27 03:03:54 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/10/27 03:03:54 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/10/27 03:03:54 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/10/27 03:03:54 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/10/27 03:03:54 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/10/27 03:03:53 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/10/27 03:03:53 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/10/27 03:03:53 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/10/27 03:03:53 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/10/27 03:03:53 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/10/27 03:03:53 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/10/27 03:03:52 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/10/27 03:03:52 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/10/27 03:03:52 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/10/27 03:03:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/10/27 03:03:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/10/27 03:03:52 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/10/27 03:03:44 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/10/27 03:03:44 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/10/27 03:03:44 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/10/27 03:03:44 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/10/27 03:03:44 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/10/27 03:03:43 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/10/27 03:03:43 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/10/27 03:03:43 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2009/10/27 03:03:43 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/10/27 03:03:43 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/10/27 03:03:43 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2009/10/27 03:03:43 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2009/10/27 03:03:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/10/27 03:03:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2009/10/27 03:03:43 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/10/27 03:03:42 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/10/27 03:03:42 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/10/27 03:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/10/27 03:03:41 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/10/27 03:03:36 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/10/27 03:03:35 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/10/27 03:03:35 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/10/27 03:03:35 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/10/27 03:03:35 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/10/27 03:03:35 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/10/27 03:03:35 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/10/27 03:03:35 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/10/27 03:03:34 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/10/27 03:03:34 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/10/27 03:03:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/10/27 03:03:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/10/27 03:03:34 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/10/27 03:03:34 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/10/27 03:03:34 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/10/27 03:03:34 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/10/27 03:03:34 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/10/27 03:03:34 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/10/27 03:03:34 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/10/27 03:03:34 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/10/27 03:03:34 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2009/10/27 03:03:33 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2009/10/27 03:03:33 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/10/27 03:03:33 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009/10/27 03:03:33 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/10/27 03:03:33 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/10/27 03:03:33 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2009/10/27 03:03:33 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/10/27 03:03:33 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/10/27 03:03:33 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/10/27 03:03:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/10/27 03:03:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2009/10/27 03:03:32 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2009/10/27 03:03:32 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/10/27 03:03:32 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/10/27 03:03:32 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/10/27 03:03:32 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/10/27 03:03:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/10/27 03:03:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009/10/27 03:03:32 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/10/27 03:03:32 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009/10/27 03:03:32 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/10/27 03:03:32 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009/10/27 03:03:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/10/27 03:03:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009/10/27 03:03:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/10/27 03:03:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009/10/27 03:03:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/10/27 03:03:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009/10/27 03:03:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/10/27 03:03:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2009/10/27 03:03:31 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/10/27 03:03:31 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/10/27 03:03:31 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/10/27 03:03:31 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2009/10/27 03:03:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/10/27 03:03:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2009/10/27 03:03:31 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009/10/27 03:03:31 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/10/27 03:03:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/10/27 03:03:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2009/10/27 03:03:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2009/10/27 03:03:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2009/10/27 03:03:31 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/10/27 03:03:31 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2009/10/27 03:03:31 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/10/27 03:03:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009/10/27 03:03:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2009/10/27 03:03:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/10/27 03:03:30 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/10/27 03:03:30 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/10/27 03:03:30 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/10/27 03:03:30 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/10/27 03:03:30 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/10/27 03:03:30 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/10/27 03:03:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/10/27 03:03:29 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/10/27 03:03:29 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/10/27 03:03:29 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2009/10/27 03:03:29 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/10/27 03:03:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/10/27 03:03:28 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/10/27 03:03:28 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/10/27 03:03:28 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/10/27 03:03:28 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/10/27 03:03:28 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/10/27 03:03:28 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/10/27 03:03:28 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/10/27 03:03:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/10/27 03:03:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/10/27 03:03:27 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/10/27 03:03:27 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/10/27 03:03:27 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009/10/27 03:03:27 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/10/27 03:03:27 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2009/10/27 03:03:22 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2009/10/27 03:03:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2009/10/27 03:03:22 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2009/10/27 03:03:21 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2009/10/27 03:03:21 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2009/10/27 03:03:21 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2009/10/27 03:03:21 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2009/10/27 03:03:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009/10/27 03:03:21 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2009/10/27 03:03:20 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2009/10/27 03:03:20 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2009/10/27 03:03:20 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2009/10/27 03:03:20 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009/10/27 03:03:19 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2009/10/27 03:03:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2009/10/27 03:03:18 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2009/10/27 03:03:17 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/10/27 03:03:17 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/10/27 03:03:17 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/10/27 03:03:17 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/10/27 03:03:15 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/10/27 03:03:15 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/10/27 03:01:34 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009/10/27 02:51:13 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2009/10/27 02:31:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/27 02:26:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/27 02:25:59 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009/10/27 02:25:59 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/10/27 02:25:59 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/10/27 02:25:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/10/27 02:25:58 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp.dll
[2009/10/27 02:25:08 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/10/27 02:25:08 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/10/27 02:25:08 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/10/27 02:25:08 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/10/27 02:25:08 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/10/27 02:25:08 | 00,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/10/27 02:25:08 | 00,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/10/27 02:25:07 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/10/27 02:25:07 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/10/27 02:25:07 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/10/27 02:25:07 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/10/27 02:25:07 | 00,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/10/27 02:25:07 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/10/27 02:24:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/10/27 02:13:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ALFREDO\UserData
[2009/10/26 21:58:32 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009/10/26 21:58:15 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009/10/26 21:57:28 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/10/26 21:57:25 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\drivers\fetnd5.sys
[2009/10/26 21:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/26 21:56:17 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2009/10/26 21:56:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2009/10/26 21:56:16 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2009/10/26 21:56:15 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2009/10/26 21:56:15 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/26 21:56:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/10/26 21:56:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/10/26 21:56:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/26 21:56:13 | 00,089,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifft.fon
[2009/10/26 21:56:13 | 00,084,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifft.fon
[2009/10/26 21:56:13 | 00,064,400 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifet.fon
[2009/10/26 21:56:13 | 00,061,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifet.fon
[2009/10/26 21:56:13 | 00,036,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app857.fon
[2009/10/26 21:56:13 | 00,033,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courft.fon
[2009/10/26 21:56:13 | 00,029,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallet.fon
[2009/10/26 21:56:13 | 00,025,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\couret.fon
[2009/10/26 21:56:13 | 00,023,008 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallft.fon
[2009/10/26 21:56:13 | 00,008,704 | -H-- | C] () -- C:\WINDOWS\Fonts\ega40857.fon
[2009/10/26 21:56:13 | 00,006,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasyst.fon
[2009/10/26 21:56:13 | 00,006,672 | -H-- | C] () -- C:\WINDOWS\Fonts\cga40857.fon
[2009/10/26 21:56:13 | 00,006,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixt.fon
[2009/10/26 21:56:13 | 00,005,648 | -H-- | C] () -- C:\WINDOWS\Fonts\ega80857.fon
[2009/10/26 21:56:13 | 00,005,552 | -H-- | C] () -- C:\WINDOWS\Fonts\vga857.fon
[2009/10/26 21:56:13 | 00,004,640 | -H-- | C] () -- C:\WINDOWS\Fonts\cga80857.fon
[2009/10/26 21:56:12 | 00,098,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sseriffr.fon
[2009/10/26 21:56:12 | 00,012,720 | -H-- | C] () -- C:\WINDOWS\Fonts\8514oemt.fon
[2009/10/26 21:56:12 | 00,011,488 | -H-- | C] (Microsoft« Corporatio) -- C:\WINDOWS\Fonts\8514fixt.fon
[2009/10/26 21:56:12 | 00,009,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514syst.fon
[2009/10/26 21:56:12 | 00,006,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasysr.fon
[2009/10/26 21:56:12 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2009/10/26 21:56:12 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2009/10/26 21:56:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2009/10/26 21:56:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2009/10/26 21:56:12 | 00,006,128 | -H-- | C] () -- C:\WINDOWS\Fonts\vga866.fon
[2009/10/26 21:56:12 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2009/10/26 21:56:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2009/10/26 21:56:12 | 00,005,600 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixr.fon
[2009/10/26 21:56:12 | 00,005,120 | -H-- | C] (Microsoft« Corporatio) -- C:\WINDOWS\Fonts\vga855.fon
[2009/10/26 21:56:11 | 00,090,736 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\seriffr.fon
[2009/10/26 21:56:11 | 00,068,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifer.fon
[2009/10/26 21:56:11 | 00,063,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifer.fon
[2009/10/26 21:56:11 | 00,037,472 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app866.fon
[2009/10/26 21:56:11 | 00,037,296 | -H-- | C] (Microsoft« Corporatio) -- C:\WINDOWS\Fonts\app855.fon
[2009/10/26 21:56:11 | 00,031,808 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courfr.fon
[2009/10/26 21:56:11 | 00,024,832 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smaller.fon
[2009/10/26 21:56:11 | 00,023,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courer.fon
[2009/10/26 21:56:11 | 00,019,760 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallfr.fon
[2009/10/26 21:56:11 | 00,013,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514oemr.fon
[2009/10/26 21:56:11 | 00,012,256 | -H-- | C] (Microsoft« Corporatio) -- C:\WINDOWS\Fonts\85855.fon
[2009/10/26 21:56:11 | 00,010,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514fixr.fon
[2009/10/26 21:56:11 | 00,010,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514sysr.fon
[2009/10/26 21:56:11 | 00,009,232 | -H-- | C] () -- C:\WINDOWS\Fonts\ega40866.fon
[2009/10/26 21:56:11 | 00,007,232 | -H-- | C] () -- C:\WINDOWS\Fonts\cga40866.fon
[2009/10/26 21:56:11 | 00,005,280 | -H-- | C] () -- C:\WINDOWS\Fonts\ega80866.fon
[2009/10/26 21:56:11 | 00,005,168 | -H-- | C] () -- C:\WINDOWS\Fonts\cga80866.fon
[2009/10/26 21:56:10 | 00,007,008 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasysg.fon
[2009/10/26 21:56:10 | 00,006,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixg.fon
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2009/10/26 21:56:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2009/10/26 21:56:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2009/10/26 21:56:10 | 00,005,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga869.fon
[2009/10/26 21:56:10 | 00,005,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga737.fon
[2009/10/26 21:56:09 | 00,090,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sseriffg.fon
[2009/10/26 21:56:09 | 00,086,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\seriffg.fon
[2009/10/26 21:56:09 | 00,065,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifeg.fon
[2009/10/26 21:56:09 | 00,060,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifeg.fon
[2009/10/26 21:56:09 | 00,036,336 | -H-- | C] () -- C:\WINDOWS\Fonts\dos737.fon
[2009/10/26 21:56:09 | 00,033,344 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courfg.fon
[2009/10/26 21:56:09 | 00,028,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smalleg.fon
[2009/10/26 21:56:09 | 00,025,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\coureg.fon
[2009/10/26 21:56:09 | 00,023,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallfg.fon
[2009/10/26 21:56:09 | 00,009,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega40869.fon
[2009/10/26 21:56:09 | 00,009,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega40737.fon
[2009/10/26 21:56:09 | 00,007,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga40869.fon
[2009/10/26 21:56:09 | 00,007,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga40737.fon
[2009/10/26 21:56:09 | 00,006,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega80869.fon
[2009/10/26 21:56:09 | 00,006,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega80737.fon
[2009/10/26 21:56:09 | 00,005,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga80869.fon
[2009/10/26 21:56:09 | 00,005,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga80737.fon
[2009/10/26 21:56:08 | 00,090,336 | -H-- | C] () -- C:\WINDOWS\Fonts\ssef1257.fon
[2009/10/26 21:56:08 | 00,065,456 | -H-- | C] () -- C:\WINDOWS\Fonts\ssee1257.fon
[2009/10/26 21:56:08 | 00,012,800 | -H-- | C] () -- C:\WINDOWS\Fonts\8514oemg.fon
[2009/10/26 21:56:08 | 00,011,520 | -H-- | C] (Microsoft« Corporatio) -- C:\WINDOWS\Fonts\8514fixg.fon
[2009/10/26 21:56:08 | 00,009,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514sysg.fon
[2009/10/26 21:56:08 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2009/10/26 21:56:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2009/10/26 21:56:08 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2009/10/26 21:56:08 | 00,006,656 | -H-- | C] () -- C:\WINDOWS\Fonts\vgas1257.fon
[2009/10/26 21:56:08 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2009/10/26 21:56:08 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2009/10/26 21:56:08 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2009/10/26 21:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2009/10/26 21:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2009/10/26 21:56:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2009/10/26 21:56:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2009/10/26 21:56:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2009/10/26 21:56:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2009/10/26 21:56:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2009/10/26 21:56:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2009/10/26 21:56:08 | 00,005,376 | -H-- | C] () -- C:\WINDOWS\Fonts\vgaf1257.fon
[2009/10/26 21:56:08 | 00,005,168 | -H-- | C] () -- C:\WINDOWS\Fonts\vga775.fon
[2009/10/26 21:56:07 | 00,084,080 | -H-- | C] () -- C:\WINDOWS\Fonts\serf1257.fon
[2009/10/26 21:56:07 | 00,059,024 | -H-- | C] () -- C:\WINDOWS\Fonts\sere1257.fon
[2009/10/26 21:56:07 | 00,035,808 | -H-- | C] () -- C:\WINDOWS\Fonts\app775.fon
[2009/10/26 21:56:07 | 00,031,760 | -H-- | C] () -- C:\WINDOWS\Fonts\couf1257.fon
[2009/10/26 21:56:07 | 00,024,672 | -H-- | C] () -- C:\WINDOWS\Fonts\smae1257.fon
[2009/10/26 21:56:07 | 00,023,440 | -H-- | C] () -- C:\WINDOWS\Fonts\coue1257.fon
[2009/10/26 21:56:07 | 00,019,904 | -H-- | C] () -- C:\WINDOWS\Fonts\smaf1257.fon
[2009/10/26 21:56:07 | 00,012,304 | -H-- | C] () -- C:\WINDOWS\Fonts\85775.fon
[2009/10/26 21:56:07 | 00,010,976 | -H-- | C] () -- C:\WINDOWS\Fonts\85f1257.fon
[2009/10/26 21:56:07 | 00,009,472 | -H-- | C] () -- C:\WINDOWS\Fonts\85s1257.fon
[2009/10/26 21:56:07 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2009/10/26 21:56:07 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2009/10/26 21:56:07 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2009/10/26 21:56:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2009/10/26 21:56:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2009/10/26 21:56:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2009/10/26 21:56:07 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2009/10/26 21:56:07 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2009/10/26 21:56:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2009/10/26 21:56:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2009/10/26 21:56:06 | 00,092,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sseriffe.fon
[2009/10/26 21:56:06 | 00,085,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\seriffe.fon
[2009/10/26 21:56:06 | 00,066,464 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifee.fon
[2009/10/26 21:56:06 | 00,059,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifee.fon
[2009/10/26 21:56:06 | 00,024,784 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallee.fon
[2009/10/26 21:56:06 | 00,019,600 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallfe.fon
[2009/10/26 21:56:06 | 00,006,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasyse.fon
[2009/10/26 21:56:06 | 00,006,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga852.fon
[2009/10/26 21:56:06 | 00,005,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixe.fon
[2009/10/26 21:56:05 | 00,036,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app852.fon
[2009/10/26 21:56:05 | 00,031,776 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courfe.fon
[2009/10/26 21:56:05 | 00,023,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\couree.fon
[2009/10/26 21:56:05 | 00,013,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514oeme.fon
[2009/10/26 21:56:05 | 00,010,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514fixe.fon
[2009/10/26 21:56:05 | 00,009,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514syse.fon
[2009/10/26 21:56:05 | 00,008,368 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega40852.fon
[2009/10/26 21:56:05 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2009/10/26 21:56:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2009/10/26 21:56:05 | 00,006,672 | -H-- | C] () -- C:\WINDOWS\Fonts\cga40852.fon
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2009/10/26 21:56:05 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2009/10/26 21:56:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2009/10/26 21:56:05 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2009/10/26 21:56:05 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2009/10/26 21:56:05 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2009/10/26 21:56:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2009/10/26 21:56:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2009/10/26 21:56:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2009/10/26 21:56:05 | 00,005,344 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega80852.fon
[2009/10/26 21:56:05 | 00,005,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga80852.fon
[2009/10/26 21:56:04 | 00,005,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga863.fon
[2009/10/26 21:56:04 | 00,005,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga865.fon
[2009/10/26 21:56:03 | 00,036,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app850.fon
[2009/10/26 21:56:03 | 00,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallf.fon
[2009/10/26 21:56:03 | 00,012,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514oem.fon
[2009/10/26 21:56:03 | 00,010,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514fix.fon
[2009/10/26 21:56:03 | 00,009,280 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514sys.fon
[2009/10/26 21:56:03 | 00,005,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga860.fon
[2009/10/26 21:56:02 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2009/10/26 21:56:02 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2009/10/26 21:56:02 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2009/10/26 21:56:02 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2009/10/26 21:56:02 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2009/10/26 21:56:02 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2009/10/26 21:56:02 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/10/26 21:56:02 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/10/26 21:56:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/10/26 21:56:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/10/26 21:56:02 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2009/10/26 21:56:01 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/10/26 21:56:01 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll
[2009/10/26 21:56:01 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2009/10/26 21:56:01 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv
[2009/10/26 21:56:01 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2009/10/26 21:56:01 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll
[2009/10/26 21:56:01 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2009/10/26 21:56:01 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009/10/26 21:56:01 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll
[2009/10/26 21:56:01 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2009/10/26 21:56:01 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv
[2009/10/26 21:56:01 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2009/10/26 21:56:01 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv
[2009/10/26 21:56:01 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2009/10/26 21:56:01 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv
[2009/10/26 21:56:01 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2009/10/26 21:56:01 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2009/10/26 21:56:01 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009/10/26 21:56:00 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll
[2009/10/26 21:56:00 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2009/10/26 21:56:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll
[2009/10/26 21:56:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2009/10/26 21:56:00 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv
[2009/10/26 21:56:00 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2009/10/26 21:56:00 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2009/10/26 21:56:00 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2009/10/26 21:56:00 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2009/10/26 21:56:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv
[2009/10/26 21:56:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2009/10/26 21:56:00 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv
[2009/10/26 21:56:00 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2009/10/26 21:56:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll
[2009/10/26 21:56:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2009/10/26 21:56:00 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll
[2009/10/26 21:56:00 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2009/10/26 21:56:00 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2009/10/26 21:56:00 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009/10/26 21:56:00 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2009/10/26 21:56:00 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009/10/26 21:56:00 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2009/10/26 21:56:00 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2009/10/26 21:55:59 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2009/10/26 21:55:59 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2009/10/26 21:55:59 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/10/26 21:55:59 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2009/10/26 21:55:59 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009/10/26 21:55:59 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2009/10/26 21:55:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009/10/26 21:55:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2009/10/26 21:55:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/26 21:55:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2009/10/26 21:55:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2009/10/26 21:55:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2009/10/26 21:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2009/10/26 21:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2009/10/26 21:55:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/26 21:55:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/10/26 21:55:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/26 21:55:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/10/26 21:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/10/26 21:51:35 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/10/26 21:51:35 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/26 21:51:35 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/10/26 21:51:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/10/26 21:51:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/30 01:33:24 | 00,000,074 | ---- | M] () -- C:\Documents and Settings\ALFREDO\default.pls
[2009/11/30 01:05:19 | 00,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/30 01:05:19 | 00,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/30 01:05:19 | 00,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/24 10:20:25 | 00,002,249 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Start Menu\Programs\Startup\Styler.lnk
[2009/11/24 10:20:22 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/11/24 10:17:44 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALFREDO\Desktop\OTL.exe
[2009/11/23 21:36:29 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\ALFREDO\NTUSER.DAT
[2009/11/23 21:29:53 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ALFREDO\ntuser.ini
[2009/11/23 21:29:46 | 05,893,592 | -H-- | M] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\IconCache.db
[2009/11/23 21:19:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\settings.dat
[2009/11/23 21:16:02 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\dds.scr
[2009/11/23 20:18:02 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\ALFREDO\Desktop\RootRepeal.exe
[2009/11/23 18:25:22 | 00,000,526 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/23 18:25:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 18:24:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/23 16:48:42 | 10,050,47808 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 16:46:04 | 00,001,016 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\magicJack.lnk
[2009/11/23 08:05:35 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\ALFREDO\My Documents\Default.rdp
[2009/11/23 04:48:30 | 00,000,533 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/23 04:48:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/23 04:48:30 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/23 04:19:36 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/21 16:29:59 | 00,010,270 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\Training for A.docx
[2009/11/20 19:47:18 | 00,011,786 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\resume.docx
[2009/11/20 16:37:03 | 00,041,944 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\my resume1.docx
[2009/11/20 16:36:45 | 00,019,001 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\my resume.odt
[2009/11/20 11:22:19 | 00,043,622 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Desktop\my resume.docx
[2009/11/19 13:59:20 | 00,069,608 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/19 08:22:57 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/18 22:05:20 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/18 22:05:07 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 13:28:00 | 00,023,464 | ---- | M] () -- C:\Documents and Settings\ALFREDO\My Documents\FLORIDA UNEMPLOYMENT.docx
[2009/11/18 11:28:10 | 00,000,460 | ---- | M] () -- C:\Documents and Settings\ALFREDO\My Documents\cc_20091118_112807.reg
[2009/11/18 11:13:59 | 00,098,350 | ---- | M] () -- C:\Documents and Settings\ALFREDO\My Documents\cc_20091118_111356.reg
[2009/11/11 15:34:04 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/11 15:34:04 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/11 15:27:41 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/11 15:27:00 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/11/08 09:53:56 | 00,112,726 | ---- | M] () -- C:\Documents and Settings\ALFREDO\My Documents\cc_20091108_095349.reg
[2009/11/06 23:41:53 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/01 10:36:28 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/11/01 10:36:27 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/10/31 23:21:23 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/10/31 23:20:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2009/10/31 23:20:30 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/31 23:20:30 | 00,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/31 18:42:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/31 17:06:39 | 00,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/10/30 22:41:28 | 92,977,431 | ---- | M] () -- C:\Documents and Settings\ALFREDO\My Documents\Lil_Candy_Casting.flv
[2009/10/29 13:58:18 | 00,000,130 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\fusioncache.dat
[2009/10/28 13:25:06 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Application Data\vso_ts_preview.xml
[2009/10/28 10:01:48 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2009/10/28 00:41:14 | 00,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/10/28 00:40:23 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/28 00:40:17 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/28 00:40:17 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/28 00:39:54 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/27 11:37:06 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/27 04:48:40 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Application Data\inst.exe
[2009/10/27 04:48:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/27 04:48:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.sys
[2009/10/27 04:48:40 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.cat
[2009/10/27 04:48:40 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.inf
[2009/10/27 04:41:18 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/27 04:31:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/27 04:26:46 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/10/27 04:19:31 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/10/27 03:11:25 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/10/27 03:10:06 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/27 03:09:22 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/27 03:07:44 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/27 03:07:23 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/27 03:07:23 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/27 03:07:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/10/27 03:07:23 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/27 03:07:23 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/27 03:07:19 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/10/27 03:06:21 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/27 03:06:21 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/27 03:04:31 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/27 03:04:18 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/10/27 03:04:18 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/23 21:19:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\settings.dat
[2009/11/23 21:10:19 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\dds.scr
[2009/11/23 08:05:35 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\Default.rdp
[2009/11/23 05:00:53 | 05,893,592 | -H-- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\IconCache.db
[2009/11/23 04:26:59 | 10,050,47808 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/21 16:29:59 | 00,010,270 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\Training for A.docx
[2009/11/20 19:47:18 | 00,011,786 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\resume.docx
[2009/11/20 16:37:03 | 00,041,944 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\my resume1.docx
[2009/11/20 16:36:42 | 00,019,001 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\my resume.odt
[2009/11/20 11:21:23 | 00,043,622 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\my resume.docx
[2009/11/19 11:11:46 | 00,001,016 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Desktop\magicJack.lnk
[2009/11/18 19:23:06 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 13:28:00 | 00,023,464 | ---- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\FLORIDA UNEMPLOYMENT.docx
[2009/11/18 11:28:09 | 00,000,460 | ---- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\cc_20091118_112807.reg
[2009/11/18 11:13:57 | 00,098,350 | ---- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\cc_20091118_111356.reg
[2009/11/11 15:27:00 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/11/08 09:53:52 | 00,112,726 | ---- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\cc_20091108_095349.reg
[2009/11/03 00:45:22 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/11/01 22:19:07 | 80,048,472 | ---- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\4-Way 19 Minutes Mmmf Beautiful Teen Anal Double Entry Gangbang bleep Suck Blowjob And Multiple Cu.wmv
[2009/11/01 10:34:14 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/11/01 10:34:14 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/10/31 23:21:23 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/10/31 18:42:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/30 22:41:23 | 92,977,431 | ---- | C] () -- C:\Documents and Settings\ALFREDO\My Documents\Lil_Candy_Casting.flv
[2009/10/30 10:32:19 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/29 13:58:18 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\fusioncache.dat
[2009/10/29 11:56:26 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/10/29 11:40:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/29 11:40:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpd.properties
[2009/10/29 11:38:48 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\XCUtil.dll
[2009/10/29 11:33:31 | 01,552,896 | ---- | C] () -- C:\WINDOWS\SBInstallUtils.dll
[2009/10/28 13:24:49 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\vso_ts_preview.xml
[2009/10/28 13:11:51 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/10/28 10:13:04 | 00,002,249 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Start Menu\Programs\Startup\Styler.lnk
[2009/10/28 02:09:41 | 00,000,074 | ---- | C] () -- C:\Documents and Settings\ALFREDO\default.pls
[2009/10/28 01:56:48 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2009/10/28 01:56:48 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2009/10/28 01:56:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2009/10/28 00:41:14 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/27 23:15:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/27 14:02:09 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/27 12:04:20 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/10/27 06:10:02 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/10/27 04:48:49 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.log
[2009/10/27 04:48:40 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\inst.exe
[2009/10/27 04:48:40 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.cat
[2009/10/27 04:48:40 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\pcouffin.inf
[2009/10/27 04:46:16 | 00,060,337 | ---- | C] () -- C:\WINDOWS\System32\VTovrlay.cfg
[2009/10/27 04:46:16 | 00,047,889 | ---- | C] () -- C:\WINDOWS\System32\VTTrayp.cfg
[2009/10/27 04:46:16 | 00,044,076 | ---- | C] () -- C:\WINDOWS\System32\VTInfo2.cfg
[2009/10/27 04:46:16 | 00,034,954 | ---- | C] () -- C:\WINDOWS\System32\VTTrayP2.cfg
[2009/10/27 04:46:16 | 00,033,451 | ---- | C] () -- C:\WINDOWS\System32\VTOvrly2.cfg
[2009/10/27 04:46:15 | 00,048,406 | ---- | C] () -- C:\WINDOWS\System32\VTGamma2.cfg
[2009/10/27 04:46:15 | 00,035,496 | ---- | C] () -- C:\WINDOWS\System32\VTGama_2.cfg
[2009/10/27 04:46:14 | 00,063,489 | ---- | C] () -- C:\WINDOWS\System32\VTDisply.cfg
[2009/10/27 04:46:14 | 00,056,619 | ---- | C] () -- C:\WINDOWS\System32\VTDispl2.cfg
[2009/10/27 04:46:14 | 00,052,037 | ---- | C] () -- C:\WINDOWS\System32\VTDispl3.cfg
[2009/10/27 04:41:03 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/27 04:40:49 | 00,000,526 | -H-- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/27 04:31:01 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/27 04:19:31 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/10/27 03:24:00 | 00,069,608 | ---- | C] () -- C:\Documents and Settings\ALFREDO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 03:12:26 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/27 03:11:15 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\ALFREDO\ntuser.ini
[2009/10/27 03:11:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ALFREDO\Application Data\desktop.ini
[2009/10/27 03:11:14 | 04,194,304 | -H-- | C] () -- C:\Documents and Settings\ALFREDO\NTUSER.DAT
[2009/10/27 03:10:06 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/27 03:09:22 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 03:08:50 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/27 03:08:35 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/27 03:08:29 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/27 03:08:28 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/27 03:08:26 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/27 03:08:18 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/27 03:08:14 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/27 03:08:03 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/27 03:07:23 | 00,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/27 03:07:23 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/27 03:07:23 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/27 03:07:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009/10/27 03:07:23 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/10/27 03:07:23 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/10/27 03:07:20 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/10/27 03:07:20 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/27 03:07:20 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/27 03:07:19 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/10/27 03:07:12 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 03:06:21 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/27 03:06:21 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/27 03:06:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/27 03:05:59 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/10/27 03:05:20 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/10/27 03:05:20 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/10/27 03:05:14 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/10/27 03:04:31 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/27 03:04:18 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009/10/27 03:04:18 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009/10/27 03:03:37 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/10/27 03:03:37 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/10/27 03:03:37 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/10/27 03:03:37 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/10/27 03:03:37 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/10/27 03:03:37 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/10/27 03:03:37 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/10/27 03:03:37 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/10/27 03:03:37 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/10/27 03:03:37 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/10/27 03:03:37 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/10/27 03:03:36 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/10/27 03:03:36 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/10/27 03:03:36 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/10/27 03:03:36 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/10/27 03:03:36 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/10/27 03:03:36 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/10/27 03:03:35 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/10/27 03:03:35 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/10/27 03:03:32 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009/10/27 03:03:32 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/10/27 03:03:32 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/10/27 03:03:30 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009/10/27 03:03:30 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/10/27 03:03:18 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/10/27 03:01:33 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2009/10/27 03:01:33 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/10/26 21:56:18 | 00,521,444 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/26 21:56:18 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/26 21:56:16 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/10/26 21:56:16 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/10/26 21:56:16 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/10/26 21:56:15 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/10/26 21:56:12 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/10/26 21:56:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/10/26 21:56:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/10/26 21:56:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/10/26 21:56:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/10/26 21:56:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/10/26 21:56:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/10/26 21:56:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/10/26 21:56:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/10/26 21:56:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/10/26 21:56:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/10/26 21:56:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/10/26 21:56:06 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/10/26 21:56:06 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/10/26 21:56:04 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/10/26 21:56:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/10/26 21:56:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/10/26 21:56:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/10/26 21:56:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/10/26 21:55:59 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/10/26 21:55:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/26 21:55:49 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/26 21:55:49 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/26 21:55:49 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/26 21:55:49 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/26 21:55:48 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/26 21:55:48 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/26 21:55:18 | 00,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/26 21:54:31 | 00,000,211 | RHS- | C] () -- C:\boot.ini
[2009/10/26 21:54:28 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/10/14 05:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 05:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004/09/17 16:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 02:56:44 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 02:56:42 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/02/09 15:18:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2002/03/26 14:18:28 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/01/20 07:26:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[2001/10/25 09:53:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2001/08/23 07:00:00 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2001/08/23 07:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 07:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2001/08/23 07:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2001/08/23 07:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2001/08/23 07:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2001/08/23 07:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2001/08/23 07:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2001/08/23 07:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2001/08/23 07:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 07:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2001/08/23 07:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 07:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2001/08/23 07:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2001/08/23 07:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2001/08/23 07:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 07:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2001/08/23 07:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2001/08/23 07:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2001/08/23 07:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2001/08/23 07:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2001/08/23 07:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2001/08/23 07:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2001/08/23 07:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 07:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 07:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 07:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 07:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 07:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 07:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 07:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2001/08/23 07:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 07:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 07:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001/08/23 07:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001/08/23 07:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 07:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 07:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 07:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2001/08/23 07:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 07:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 07:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 07:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001/08/23 07:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001/08/23 07:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 07:00:00 | 00,000,533 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/23 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 17:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001/06/22 06:06:02 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2000/07/22 10:49:46 | 00,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:39 PM

Posted 24 November 2009 - 05:35 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 MarineGeneral

MarineGeneral
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 26 November 2009 - 01:42 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


Well My HD crash and several attempts to recover fail miserably but it had a good run (five years of constant abuse). Luckily I always back-up everything at least once a month so loss of data was minimal.

I like to say thank you for your assistance, Sam.

Alfredo

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:39 PM

Posted 27 November 2009 - 11:51 AM

That's too bad, but it sounds like you got it sorted out.

Glad to help out, although not much this time. :(


This topic will now be closed.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users