FBI virus and lsass.exe system error

M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
I tried booting in safe mode with networking and safe mode with command prompts and both tries lead to the log in screen but I cannot click on the log on picture. I then did the hitman kickstart on my UBS flash drive and it started to load but it said a file is missing or corrupt "windows system32 config system". I found an article on the microsoft website http://support.microsoft.com/kb/307545 on how to delete the files and replace the new ones using the repair console so i followed those directions and now when I turn on my computer a box pops up that says "lsass.exe" and it restarts and says windows is starting up and I keep getting that error. I got back into the recovery console and this time instead of being able to press enter when asked for the password, it tells me its incorrect. I've tried every password i ever use and they all fail. I also tried creating the kaspersky rescue disc. I downloaded the file but am having trouble creating an Iso. I downloaded that and the ISO recorder but I don't think my dvd burner program is on my desktop anymore because it isn't picking up that I have a DVD in the drive. I also tried putting the Kaspersky rescue on my USB but it wont load onto it. I am trying to think of what important things I have on my laptop that I would want to save but I am not sure of what is on there. I generally use the laptop to watch my exercise videos on and to print coupons from. So I guess it wont be a huge deal if I have to install a fresh copy of windows on it, but if someone has any other suggestions, I will definitely love to try them first. Thanks so much for all you do!

I cannot access normal mode on my laptop so I cannot do the OTL log and aswMBR LOG as requested.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />


  • Do you have a Windows XP bootable CD?
  • Are you able to boot the computer into safe mode now?
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
Hello. I have the windows xp disc that came with my desktop. I've used it before reinstall windows on my laptop and I've been using it today to get into the repair console. I cannot boot into safe mode. It took me to the log in screen and wouldn't let me click anything. After I did what it told me to on the microsoft support site support.microsoft.com/kb/307545 (recover the corrupt registry) all it does is tell me the "lsass.exe system error".
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Is it showing you any exact location for lsass.exe like
c:\WINDOWS\system32\lsass.exe?

c:\WINDOWS\system32\lsass.exe is a Good FIle. But lsass.exe in the user profile is part of FBI Virus....
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
melissawski said:
Hello no I cannot. It would let me choose safe mode but then it took me to the log in.screen but it wouldn't let me choose anything.I loaded the Whitman kickstart on my usb flash drive and that would begin to load and it would say a file is misding or corrupt system 32 config. I found an article on the Microsoft website on how to repair the system 32 configure error and now it gives me an lsass.exe error and will say starting windows then it shuts off and repeats the same thing.
Click to expand...


Okay in this case we need to do a repair installation of your Windows XP..

That lsass.exe can often be associated with virus or other malware damage. It can be fixed, but only if you have access to the system in Normal mode or Safe Mode.

See how to do a Repair installation of Windows XP here...


To Perform a Windows XP repair installation
Boot the computer using the XP CD.
  1. When you see the "Welcome To Setup" screen, you will see the options below This portion of the Setup program prepares Microsoft Windows XP to run on your computer.
    To-Perform-a-Windows-XP-repair-installation_XPrepair1.jpg
  2. Press Enter to start the Windows Setup. Do not choose "To repair a Windows XP installation using the Recovery Console, press R", (you do not want to load Recovery Console).
  3. Accept the License Agreement and Windows will search for existing Windows installations.
    To-Perform-a-Windows-XP-repair-installation_XPrepair2.jpg

    Select the XP installation you want to repair from the list and press R to start the repair.
    To-Perform-a-Windows-XP-repair-installation_XPrepair3.jpg

  4. “Your windows will run to it’s usual installation process, however, it is a lot quicker this time. But don’t panic it will not wipe your files, it will just repair your system.”
  5. “At some point you will be ask to enter the serial number and restart the computer.”
  6. “When it finishes the setup your files will still be there but the Windows errors you had will not.”

Let me know if you are facing any problems to do it......
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
I did exactly this. It began the installation process and then I got the pop up that says "lsass.exe system error.
An invalid parameter was passed to a service or function." and so I clicked okay and it went back to installing but just a couple of seconds after that a larger pop up came up but It shut down so fast that I could not read it. All I could catch was "an error occurred" and I think I saw "application". And now it just keeps resetting itself and doing the same thing. I press nothing and it keeps doing the above. I pressed F12 to start from the CD again and did what you said above again and it said something like "an attempt to repair windows was already made" but it let me choose repair again so I did. It just began installing again and failed and restarted itself to repeat the process. What next :( I thought about what I have on my laptop that is worth saving and I do not think I have a lot of pictures but I do know I have a couple of programs that I really enjoy (winx dvd ripper platinum that I won the license code for from their giveaway they did a couple of years ago. I don't have the license code written anywhere). So if we can avoid installing a fresh copy, that would be awesome. I might go to sleep soon but please leave any suggestions if you can! Thank you!!!
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download List Parts and save it to the flash drive also.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • Next click List Parts and then click Scan
    It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
this all needs to be done on my working computer, correct? I usually burn CD/DVD on my laptop and so I'm having trouble figuring out how to burn them on my desktop. I opened IMGBURN and it when I open the CD tray it says logical unit is in process of being ready and then when it's ready, it says "medium not present". I've tried multiple blank cds. I'm checking the drivers to see if they need updating.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
make sure you are having a cd writer on your work computer. Other wise you can burn it on any other computer, like your friends computer.
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
nevermind. I remembered I had a portable cd/dvd burner in my closet. I burned the Kaspersky Rescue Disk and booted from that. It is currently scanning the laptop. I was finding bad things before it even hit 1% :-/ So I hope it finds all the viruses and gets the off my laptop so it's usable again. I will keep you updated. Thanks!!
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
melissawski said:
is there a way to do it without a CD? my cd burner on my desktop is not working.
Click to expand...

melissawski said:
nevermind. I remembered I had a portable cd/dvd burner in my closet. I burned the Kaspersky Rescue Disk and booted from that. It is currently scanning the laptop. I was finding bad things before it even hit 1% :-/ So I hope it finds all the viruses and gets the off my laptop so it's usable again. I will keep you updated. Thanks!!
Click to expand...

ugh. The scan finished. It found 62 trojans and I deleted them all. I ran the scan a 2nd time just for safe measure and it found nothing. I shut down my computer and it went in the windows set up and I am still getting the "lsass.exe invaild parameter" error. I got into the repair console and it wants the administrator password but anything I try is invalid. How do I fix this? I'm still not able to access the laptop in Normal mode. I tried safe mode and it restarted.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
kuttus said:
Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download List Parts and save it to the flash drive also.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • Next click List Parts and then click Scan
    It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
Click to expand...


Do you Try to do the above steps? Please update me the Log Files for the same.....
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2013
Ran by SYSTEM at 12-01-2013 21:10:16
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe [2183168 2007-10-09] (Dell Inc.)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [45056 2006-01-02] (ATI Technologies Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [251744 2011-06-06] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
HKLM\...\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2049320 2008-07-10] (Nero AG)
HKLM\...\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe [1083176 2008-07-10] (Nero AG)
HKLM\...\Run: [Prolific2571_OneButton] C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe [65536 2008-11-13] (Prolific)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SonyAgent] C:\WINDOWS\Temp\temp35.exe [x]
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [ATIModeChange] Ati2mdxx.exe [x]
HKLM\...\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp [x]
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [19752 2008-06-24] (Nero AG)
HKU\Default User\...\Run: [3DVIA] rundll32 "C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\Ahead\3DVIA\smjoebg.dll",DllRegisterServerW [x]
HKU\NetworkService\...\Run: [Adobe CS Manager] C:\Documents and Settings\NetworkService\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479\eeaeadcaeed.exe [0 2013-01-10] ()
HKU\Wlasniewski\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-04] (Microsoft Corporation)
HKU\Wlasniewski\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17361032 2011-07-29] (Skype Technologies S.A.)
HKU\Wlasniewski\...\Run: [PCShowServer] "C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [351888 2012-04-02] (NDS Technologies)
HKU\Wlasniewski\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1840424 2008-06-24] (Nero AG)
HKU\Wlasniewski\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer\Run: [44163] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyauoi.bat [x]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\ComPlusSetup: C:\WINDOWS\system32\catsrvut.dll (Microsoft Corporation)
Winlogon\Notify\EFS: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
AppInit_DLLs:

==================== Services (Whitelisted) ===================

2 avgfws; "C:\Program Files\AVG\AVG2012\avgfws.exe" [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 Eventlog; C:\Windows\System32\services.exe [108032 2004-08-04] (Microsoft Corporation)
2 InCDsrv; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [1442088 2008-07-10] (Nero AG)
2 NeroRegInCDSrv; C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [53032 2008-07-10] (Nero AG)
2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2011-08-02] (Rovi Corporation)
4 HidServ; C:\Windows\System32\hidserv.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1578496 2006-05-23] (ATI Technologies Inc.)
3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1123328 2007-10-09] (Broadcom Corp.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [137728 2004-08-12] (Windows (R) Server 2003 DDK provider)
3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [128424 2008-07-10] (Nero AG)
1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [38952 2008-07-10] (Nero AG)
1 InCDRec; C:\Windows\System32\drivers\InCDRec.sys [18088 2008-07-10] (Nero AG)
1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [40488 2008-07-10] (Nero AG)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-03] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
3 NPF; C:\Windows\System32\drivers\NPF.sys [50704 2012-12-30] (CACE Technologies, Inc.)
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2004-08-04] (Microsoft Corporation)
3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15360 2004-08-04] (Microsoft Corporation)
3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-11-24] (RapidSolution Software AG)
3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-05-23] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-05-23] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-05-23] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-05-23] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-05-23] (Wondershare)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-03] (Microsoft Corporation)
2 0240861319997418mcinstcleanup; [x]
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-12 21:09 - 2013-01-12 21:09 - 00000000 ____D C:\FRST
2013-01-12 15:26 - 2013-01-12 15:26 - 00065536 ____A C:\Windows\System32\config\Internet.evt
2013-01-12 15:26 - 2013-01-12 15:26 - 00065536 ____A C:\Windows\System32\config\ACEEvent.evt
2013-01-12 15:24 - 2013-01-12 15:26 - 00262144 ____A C:\Windows\System32\config\security.sav
2013-01-12 15:24 - 2013-01-12 15:26 - 00024576 ____A C:\Windows\System32\config\sam.sav
2013-01-12 11:25 - 2013-01-12 11:25 - 00001024 ___AH C:\Windows\System32\config\TempKey.LOG
2013-01-12 11:25 - 2013-01-12 11:25 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-01-12 11:25 - 2013-01-12 11:25 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-01-12 11:25 - 2013-01-12 11:25 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-01-12 08:15 - 2013-01-12 08:42 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-01-11 12:26 - 2013-01-11 12:26 - 00001448 ____A C:\Windows\COM+.log
2013-01-11 12:19 - 2004-08-04 07:00 - 00571392 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlgnt.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00456704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smtpsvc.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00455168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintsetp.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00426041 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicepad.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00363520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3svc.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00358400 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpincl.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00259072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpcl.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00236544 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smi2smir.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00221696 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\seo.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00188416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpsmir.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00185344 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\thawbrkr.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winzm.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winsp.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winpy.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00143422 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\softkey.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00103424 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\uihelper.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00101376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\srusbusd.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00086073 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicesub.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00083748 ___AC C:\Windows\System32\dllcache\prcp.nls
2013-01-11 12:19 - 2004-08-04 07:00 - 00083748 ___AC C:\Windows\System32\dllcache\prc.nls
2013-01-11 12:19 - 2004-08-04 07:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia330.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia001.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winar30.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00077824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quick.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00076800 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wam51.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00076288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\uniime.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00073728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3ext.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00069120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wingb.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winime.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\unicdime.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00053248 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamreg51.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00048256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w32.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00046592 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\svcext51.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00046592 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sspifilt.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ssinc51.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlphr.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00041600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00040448 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpthrd.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm9aw.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00032768 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmp.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smb6w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sma3w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.sys
2013-01-11 12:19 - 2004-08-04 07:00 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tools.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm87w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm81w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00029184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8cw.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00028288 ___AC C:\Windows\System32\dllcache\xjis.nls
2013-01-11 12:19 - 2004-08-04 07:00 - 00026624 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rw330ext.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm93w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm92w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm90w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8dw.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8aw.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm89w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\romanime.ime
2013-01-11 12:19 - 2004-08-04 07:00 - 00025088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm59w.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rw001ext.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00021896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdipx.sys
2013-01-11 12:19 - 2004-08-04 07:00 - 00020736 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ramdisk.sys
2013-01-11 12:19 - 2004-08-04 07:00 - 00019464 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdspx.sys
2013-01-11 12:19 - 2004-08-04 07:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\simptcp.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00016896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\status.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quser.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsm.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\register.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tsprof.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00013192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdasync.sys
2013-01-11 12:19 - 2004-08-04 07:00 - 00010752 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smtpapi.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tmigrate.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpstup.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rwnh.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\query.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamps51.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmptrap.exe
2013-01-11 12:19 - 2004-08-04 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pwsdata.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpmib.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3svapi.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smimsgif.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsy.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00004608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w3ctrs51.dll
2013-01-11 12:19 - 2004-08-04 07:00 - 00004096 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rpcref.dll
2013-01-11 12:19 - 2001-08-17 22:36 - 00057856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_scripto.dll
2013-01-11 12:19 - 2001-08-17 22:36 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_seos.dll
2013-01-11 12:19 - 2001-08-17 22:36 - 00023040 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_regtrace.exe
2013-01-11 12:19 - 2001-08-17 22:36 - 00012288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_smtpctrs.dll
2013-01-11 12:19 - 2001-08-17 22:36 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_snprfdll.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 10129408 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxkor.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 01875968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.lex
2013-01-11 12:18 - 2004-08-04 07:00 - 01158818 ___AC C:\Windows\System32\dllcache\korwbrkr.lex
2013-01-11 12:18 - 2004-08-04 07:00 - 00811064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81k.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00716856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcus.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00482304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlgnt.ime
2013-01-11 12:18 - 2004-08-04 07:00 - 00471102 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskdic.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00368696 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcic.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00340023 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81.ime
2013-01-11 12:18 - 2004-08-04 07:00 - 00315452 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskf.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00311359 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsv.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00307257 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00274489 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputyc.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00262200 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputy.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00257024 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\infocomm.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00233527 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjprw.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00229439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\multibox.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00208952 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpmig.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00196665 ___AC C:\Windows\System32\dllcache\imjpinst.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00175104 ___AC C:\Windows\System32\dllcache\pintlcsa.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00155705 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdsvr.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00145408 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iische51.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00134339 ___AC C:\Windows\System32\dllcache\imekr.lex
2013-01-11 12:18 - 2004-08-04 07:00 - 00131584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxviceo.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mtstocom.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00106496 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrcic.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00102463 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsm.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00102456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imlang.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekr61.ime
2013-01-11 12:18 - 2004-08-04 07:00 - 00092416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.sys
2013-01-11 12:18 - 2004-08-04 07:00 - 00092032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmbx.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00085504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\metada51.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00081976 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00079872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iislog51.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\phon.ime
2013-01-11 12:18 - 2004-08-04 07:00 - 00070656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\korwbrkr.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00070144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlphr.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00067584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmigrate.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00060928 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisclex4.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00059904 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imkrinst.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00059392 ___AC C:\Windows\System32\dllcache\imscinst.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00057398 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdadm.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00053760 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlcsd.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00053248 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\nextlink.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00047066 ___AC C:\Windows\System32\dllcache\ksc.nls
2013-01-11 12:18 - 2004-08-04 07:00 - 00045109 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpuex.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00044544 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\nsepm.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmig.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00037888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\md5filt.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00036927 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs411.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00035328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iprip.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lmmib2.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pagecnt.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mdsync.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iscomlog.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00025088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisadmin.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00022528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lpdsvc.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00022016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\logscrpt.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00020992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\permchk.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iiscrmap.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lprmon.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00018432 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jupiw.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs404.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetin51.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00015360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs804.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs412.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lonsint.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxmcro.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecat.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iwrps.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\infoctrs.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\migregdb.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecnt.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnec95.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdibm02.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isapips.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisfecnv.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdlk41a.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iissync.exe
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxgl.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth3.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth2.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdlk41j.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinpun.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdax2.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106n.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101a.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdvntc.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdusa.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdurdu.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth1.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth0.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr2.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr1.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintel.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintam.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinmar.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinkan.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinhin.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinguj.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdindev.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdheb.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdfa.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv2.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv1.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda3.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda2.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda1.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdgeo.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarmw.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarme.dll
2013-01-11 12:18 - 2004-08-04 07:00 - 00003584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iismui.dll
2013-01-11 12:18 - 2001-08-17 22:36 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_mailmsg.dll
2013-01-11 12:18 - 2001-08-17 22:36 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_ntfsdrv.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 13463552 ___AC C:\Windows\System32\dllcache\hwxjpn.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 10096640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxcht.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 01677824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chsbrkr.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00838144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtbrkr.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00562176 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsst.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00480256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintsetp.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00452096 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsapi.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00400384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsxp32.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00397312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxstiff.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00369664 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\asp51.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00331264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aqueue.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00285184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscomex.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00268288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\httpext.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00267776 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssvc.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00246272 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxst30.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00229376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscover.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_g18030.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00198656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintime.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00195618 ___AC C:\Windows\System32\dllcache\c_10002.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00192512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxswzrd.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00189986 ___AC C:\Windows\System32\dllcache\c_1361.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00187938 ___AC C:\Windows\System32\dllcache\c_20005.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00186402 ___AC C:\Windows\System32\dllcache\c_20001.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00185378 ___AC C:\Windows\System32\dllcache\c_20003.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00180770 ___AC C:\Windows\System32\dllcache\c_20932.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20004.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20000.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_20949.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_10003.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20936.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20002.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_10008.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00173568 ___AC C:\Windows\System32\dllcache\chtskf.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00162850 ___AC C:\Windows\System32\dllcache\c_10001.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00154112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsui.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00143360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclnt.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00132608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclntr.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00125952 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsv251.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscfgwz.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00108827 ___AC C:\Windows\System32\dllcache\hanja.lex
2013-01-11 12:17 - 2004-08-04 07:00 - 00101888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntagnt.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00097792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtmbx.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00092160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntwin.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00082172 ___AC C:\Windows\System32\dllcache\bopomofo.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00078848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dayi.ime
2013-01-11 12:17 - 2004-08-04 07:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chajei.ime
2013-01-11 12:17 - 2004-08-04 07:00 - 00072192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscom.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00066728 ___AC C:\Windows\System32\dllcache\big5.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_864.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_862.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_858.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_720.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_870.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_708.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_28596.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21027.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21025.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20924.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20880.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20871.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20838.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20833.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20424.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20423.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20420.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20297.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20290.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20285.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20284.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20280.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20278.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20277.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20273.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20269.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20108.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20107.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20106.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20105.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1149.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1148.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1147.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1146.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1145.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1144.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1143.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1142.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1141.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1140.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1047.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10021.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10005.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10004.nls
2013-01-11 12:17 - 2004-08-04 07:00 - 00061440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\httpod51.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00057856 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimgd.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00057399 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cplexe.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\convlog.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtskdic.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00055296 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsevent.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00054528 ___AC (Philips Semiconductors GmbH) C:\Windows\System32\dllcache\cap7146.sys
2013-01-11 12:17 - 2004-08-04 07:00 - 00045568 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\browscap.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00045056 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunid.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00042496 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\davcdata.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00039936 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hostmib.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00036864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hanjadic.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\controt.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00032256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\gzip.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00031744 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucmd.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsroute.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00029184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\asptxn.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00027136 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsdrv.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00025856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\et4000.sys
2013-01-11 12:17 - 2004-08-04 07:00 - 00024064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntcmd.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00024064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\compfilt.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsmon.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsext32.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00021504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintlgnt.ime
2013-01-11 12:17 - 2004-08-04 07:00 - 00020480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\counters.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cprofile.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgport.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\flattemp.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\exstrace.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgusr.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chglogon.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssend.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00010752 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_iscii.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aspperf.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\change.exe
2013-01-11 12:17 - 2004-08-04 07:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\authfilt.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsperf.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00008192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\httpmb51.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpctrs2.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\f3ahvoas.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsres.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_is2022.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpmib.dll
2013-01-11 12:17 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftlx041e.dll
2013-01-11 12:17 - 2003-03-24 16:52 - 00094208 ___AC C:\Windows\System32\dllcache\fpencode.dll
2013-01-11 12:17 - 2003-03-24 16:52 - 00024632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmcgi.exe
2013-01-11 12:17 - 2003-03-24 16:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmdll.dll
2013-01-11 12:17 - 2001-08-17 22:36 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_fcachdll.dll
2013-01-11 12:16 - 2013-01-11 12:16 - 00262144 ____A C:\Windows\System32\config\userdifr
2013-01-11 12:16 - 2013-01-11 12:16 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
2013-01-11 12:16 - 2013-01-11 12:16 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-01-11 12:16 - 2004-08-04 07:00 - 02134528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smtpsnap.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00829440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00290816 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\adsiis51.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00275968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\certwiz.ocx
2013-01-11 12:16 - 2004-08-04 07:00 - 00189440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smtpadm.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00169984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00133632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisrtl.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00108544 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\appconf.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx
2013-01-11 12:16 - 2004-08-04 07:00 - 00076800 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\logui.ocx
2013-01-11 12:16 - 2004-08-04 07:00 - 00076288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cnfgprts.ocx
2013-01-11 12:16 - 2004-08-04 07:00 - 00068608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isatq.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00068608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisext51.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00064512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iismap.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00049664 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\adrot.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00046592 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\coadmin.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admwprox.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00030720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstas.exe
2013-01-11 12:16 - 2004-08-04 07:00 - 00029696 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admexs.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0804.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0412.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0411.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt040d.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0404.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0401.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe
2013-01-11 12:16 - 2004-08-04 07:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\infoadmn.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00008192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\staxmem.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe
2013-01-11 12:16 - 2004-08-04 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamregps.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admxprox.dll
2013-01-11 12:16 - 2004-08-04 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstap.dll
2013-01-11 12:16 - 2004-05-13 00:39 - 00876653 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awel.dll
2013-01-11 12:16 - 2004-05-13 00:39 - 00598071 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmc.dll
2013-01-11 12:16 - 2004-05-13 00:39 - 00184435 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4amsft.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00208896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmcsat.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00188494 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpcount.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00188480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cfgwiz.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00147513 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4apws.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00109328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98swin.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00102509 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4atxt.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00082035 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4anscp.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00049212 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awebs.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00049210 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4areg.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00041020 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avnb.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00032827 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptest.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00032826 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avss.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpexedll.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00020538 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpremadm.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00020536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00016437 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.exe
2013-01-11 12:16 - 2003-03-24 16:52 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptsat.dll
2013-01-11 12:16 - 2003-03-24 16:52 - 00014608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98sadm.exe
2013-01-11 12:16 - 2001-08-17 22:36 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_aqadmin.dll
2013-01-11 12:16 - 2001-08-17 22:36 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_adsiisex.dll
2013-01-11 12:14 - 2004-08-04 07:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isignup.exe
2013-01-11 12:13 - 2013-01-11 12:13 - 00001041 ____A C:\Windows\sessmgr.setup.log
2013-01-11 12:12 - 2013-01-11 12:16 - 00001121 ____A C:\Windows\wmsetup.log
2013-01-11 12:12 - 2013-01-11 12:12 - 00000120 ____A C:\Windows\DtcInstall.log
2013-01-11 12:11 - 2013-01-11 12:11 - 00000173 ____A C:\Windows\cmsetacl.log
2013-01-11 11:52 - 2013-01-11 12:24 - 00021645 ____A C:\Windows\comsetup.log
2013-01-11 11:52 - 2013-01-11 12:21 - 00063252 ____A C:\Windows\iis6.log
2013-01-11 11:52 - 2013-01-11 12:21 - 00011567 ____A C:\Windows\ntdtcsetup.log
2013-01-11 11:52 - 2013-01-11 12:21 - 00010978 ____A C:\Windows\tsoc.log
2013-01-11 11:52 - 2013-01-11 12:21 - 00004382 ____A C:\Windows\imsins.log
2013-01-11 11:52 - 2013-01-11 12:21 - 00001294 ____A C:\Windows\tabletoc.log
2013-01-11 11:52 - 2013-01-11 12:21 - 00000885 ____A C:\Windows\ocmsn.log
2013-01-11 11:52 - 2013-01-11 12:13 - 00015038 ____A C:\Windows\FaxSetup.log
2013-01-11 11:52 - 2013-01-11 12:13 - 00014732 ____A C:\Windows\ocgen.log
2013-01-11 11:52 - 2013-01-11 12:13 - 00002790 ____A C:\Windows\netfxocm.log
2013-01-11 11:52 - 2013-01-11 12:13 - 00001646 ____A C:\Windows\MedCtrOC.log
2013-01-11 11:52 - 2013-01-11 12:13 - 00000927 ____A C:\Windows\msgsocm.log
2013-01-11 11:52 - 2013-01-11 12:12 - 00010148 ____A C:\Windows\msmqinst.log
2013-01-11 11:52 - 2013-01-11 12:08 - 00001494 ____A C:\Windows\regopt.log
2013-01-11 11:52 - 2004-08-04 07:00 - 00024661 ___AC (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxcoins.dll
2013-01-11 11:52 - 2004-08-04 07:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\irclass.dll
2013-01-11 11:51 - 2005-03-21 20:48 - 00007710 ___AC C:\Windows\System32\dllcache\OEMBIOS.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 02012670 ___AC C:\Windows\System32\dllcache\NT5.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 01086058 ___RA C:\Windows\SETCC.tmp
2013-01-11 11:51 - 2004-08-04 07:00 - 01086058 ___AC C:\Windows\System32\dllcache\NTPRINT.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 01042903 ___RA C:\Windows\SETC9.tmp
2013-01-11 11:51 - 2004-08-04 07:00 - 01042903 ___AC C:\Windows\System32\dllcache\SP2.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00797189 ___AC C:\Windows\System32\dllcache\NT5IIS.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00502724 ___AC C:\Windows\System32\dllcache\NT5INF.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00399645 ___AC C:\Windows\System32\dllcache\MAPIMIG.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00141702 ___AC C:\Windows\System32\dllcache\netfx.cat
2013-01-11 11:51 - 2004-08-04 07:00 - 00110116 ___AC C:\Windows\System32\dllcache\tabletpc.cat
2013-01-11 11:51 - 2004-08-04 07:00 - 00037484 ___AC C:\Windows\System32\dllcache\MW770.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00031965 ___AC C:\Windows\System32\dllcache\mediactr.cat
2013-01-11 11:51 - 2004-08-04 07:00 - 00031281 ___AC C:\Windows\System32\dllcache\FP4.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00024209 ___AC C:\Windows\System32\dllcache\msn7.cat
2013-01-11 11:51 - 2004-08-04 07:00 - 00013753 ___RA C:\Windows\SETD8.tmp
2013-01-11 11:51 - 2004-08-04 07:00 - 00013753 ___AC C:\Windows\System32\dllcache\IMS.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00013472 ___AC C:\Windows\System32\dllcache\HPCRDP.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00011651 ___AC C:\Windows\System32\dllcache\msn9.cat
2013-01-11 11:51 - 2004-08-04 07:00 - 00009581 ___AC C:\Windows\System32\dllcache\MSMSGS.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00008574 ___AC C:\Windows\System32\dllcache\IASNT4.CAT
2013-01-11 11:51 - 2004-08-04 07:00 - 00007245 ___AC C:\Windows\System32\dllcache\MSTSWEB.CAT
2013-01-11 11:48 - 2013-01-12 15:26 - 00070572 ____A C:\Windows\setupact.log
2013-01-11 11:48 - 2013-01-11 20:44 - 00001937 ____A C:\Windows\setuperr.log
2013-01-11 10:00 - 2013-01-11 10:06 - 00000000 ____D C:\Windows\tmp
2013-01-10 15:55 - 2013-01-10 15:55 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-01-10 15:55 - 2013-01-10 15:55 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-01-10 15:52 - 2013-01-10 15:55 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\4.pad
2013-01-10 08:24 - 2013-01-10 15:15 - 00000000 __SHD C:\Windows\CSC
2013-01-10 08:14 - 2013-01-10 08:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
2013-01-10 07:39 - 2013-01-10 07:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
2013-01-10 07:07 - 2013-01-11 12:25 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\BE.pad
2013-01-10 07:07 - 2013-01-10 07:07 - 00003085 ____A C:\Documents and Settings\All Users\Application Data\BE.js
2013-01-10 07:07 - 2013-01-10 07:07 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
2013-01-02 12:32 - 2013-01-12 09:25 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ciux
2013-01-02 12:32 - 2013-01-02 12:32 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Zaibt
2013-01-02 12:32 - 2013-01-02 12:32 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Moget
2013-01-02 12:31 - 2013-01-12 09:26 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Xayg
2013-01-02 12:31 - 2013-01-02 12:31 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ruqe
2013-01-02 12:31 - 2013-01-02 12:31 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Gyeno
2012-12-31 12:44 - 2013-01-12 09:25 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ugnig
2012-12-31 12:44 - 2012-12-31 12:44 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Izwaur
2012-12-31 12:44 - 2012-12-31 12:44 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Biwaew
2012-12-30 14:09 - 2012-12-30 14:09 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2012-12-30 14:09 - 2012-12-30 14:09 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-12-30 14:08 - 2012-12-30 14:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-12-30 13:49 - 2013-01-12 09:25 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Talo
2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ydul
2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ycny
2012-12-30 13:48 - 2012-12-30 13:48 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
2012-12-30 13:48 - 2012-12-30 13:48 - 00100880 ____A (CACE Technologies, Inc.) C:\Windows\System32\Packet.dll
2012-12-30 13:48 - 2012-12-30 13:48 - 00050704 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2012-12-30 13:48 - 2004-08-04 05:00 - 00000734 ____A C:\Windows\System32\Drivers\etc\hosts.sys
2012-12-30 13:47 - 2013-01-12 09:26 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Vumyna
2012-12-30 13:47 - 2013-01-10 07:07 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ixha
2012-12-30 13:47 - 2012-12-30 13:47 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Qukeq
2012-12-17 18:33 - 2012-12-23 13:01 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2013-01-12 21:09 - 2013-01-12 21:09 - 00000000 ____D C:\FRST
2013-01-12 15:26 - 2013-01-12 15:26 - 00065536 ____A C:\Windows\System32\config\Internet.evt
2013-01-12 15:26 - 2013-01-12 15:26 - 00065536 ____A C:\Windows\System32\config\ACEEvent.evt
2013-01-12 15:26 - 2013-01-12 15:24 - 00262144 ____A C:\Windows\System32\config\security.sav
2013-01-12 15:26 - 2013-01-12 15:24 - 00024576 ____A C:\Windows\System32\config\sam.sav
2013-01-12 15:26 - 2013-01-11 11:48 - 00070572 ____A C:\Windows\setupact.log
2013-01-12 15:26 - 2011-02-10 08:39 - 002867
 
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
2013-01-12 11:25 - 2011-02-10 08:39 - 00000210 _RASH C:\boot.ini
2013-01-12 11:25 - 2011-02-10 08:38 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-01-12 11:25 - 2011-02-10 08:38 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ___RD C:\Windows\Web
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\System32\usmt
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\system
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\mui
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\Media
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\ime
2013-01-12 11:24 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\Help
2013-01-12 11:23 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\System32\npp
2013-01-12 11:23 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\PeerNet
2013-01-12 11:23 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\msagent
2013-01-12 11:19 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\twain_32
2013-01-12 11:18 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\System32\icsxml
2013-01-12 11:17 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\System32\ias
2013-01-12 11:17 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\System32\1033
2013-01-12 11:15 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\Driver Cache
2013-01-12 09:26 - 2013-01-02 12:31 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Xayg
2013-01-12 09:26 - 2012-12-30 13:47 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Vumyna
2013-01-12 09:25 - 2013-01-02 12:32 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ciux
2013-01-12 09:25 - 2012-12-31 12:44 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ugnig
2013-01-12 09:25 - 2012-12-30 13:49 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Talo
2013-01-12 09:21 - 2004-08-04 05:00 - 00000000 __SHD C:\Documents and Settings\Wlasniewski\Application Data\54AC83
2013-01-12 08:42 - 2013-01-12 08:15 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-01-11 20:44 - 2013-01-11 11:48 - 00001937 ____A C:\Windows\setuperr.log
2013-01-11 12:28 - 2011-02-10 17:12 - 00406818 ____A C:\Windows\WindowsUpdate.log
2013-01-11 12:27 - 2011-02-10 17:17 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-01-11 12:26 - 2013-01-11 12:26 - 00001448 ____A C:\Windows\COM+.log
2013-01-11 12:26 - 2011-02-10 17:19 - 00000178 __ASH C:\Documents and Settings\Wlasniewski\ntuser.ini
2013-01-11 12:26 - 2011-02-10 17:18 - 00032508 ____A C:\Windows\SchedLgU.Txt
2013-01-11 12:26 - 2011-02-10 17:18 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-11 12:26 - 2011-02-10 08:44 - 00000275 ____A C:\Windows\wiadebug.log
2013-01-11 12:25 - 2013-01-10 07:07 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\BE.pad
2013-01-11 12:25 - 2011-02-10 20:26 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-01-11 12:25 - 2011-02-10 17:09 - 00000000 ____D C:\Windows\Registration
2013-01-11 12:25 - 2011-02-10 08:41 - 00553614 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-11 12:24 - 2013-01-11 11:52 - 00021645 ____A C:\Windows\comsetup.log
2013-01-11 12:24 - 2011-02-10 17:19 - 00000062 __ASH C:\Documents and Settings\Wlasniewski\Local Settings\desktop.ini
2013-01-11 12:24 - 2004-08-04 05:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-01-11 12:23 - 2011-02-10 17:10 - 00000000 ____D C:\Windows\System32\Restore
2013-01-11 12:22 - 2011-02-10 17:18 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-01-11 12:22 - 2011-02-10 08:44 - 00000049 ____A C:\Windows\wiaservc.log
2013-01-11 12:22 - 2011-02-10 08:40 - 00120544 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-11 12:21 - 2013-01-11 11:52 - 00063252 ____A C:\Windows\iis6.log
2013-01-11 12:21 - 2013-01-11 11:52 - 00011567 ____A C:\Windows\ntdtcsetup.log
2013-01-11 12:21 - 2013-01-11 11:52 - 00010978 ____A C:\Windows\tsoc.log
2013-01-11 12:21 - 2013-01-11 11:52 - 00004382 ____A C:\Windows\imsins.log
2013-01-11 12:21 - 2013-01-11 11:52 - 00001294 ____A C:\Windows\tabletoc.log
2013-01-11 12:21 - 2013-01-11 11:52 - 00000885 ____A C:\Windows\ocmsn.log
2013-01-11 12:20 - 2011-02-25 13:35 - 00049152 ____A C:\Windows\System32\security
2013-01-11 12:20 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\repair
2013-01-11 12:16 - 2013-01-11 12:16 - 00262144 ____A C:\Windows\System32\config\userdifr
2013-01-11 12:16 - 2013-01-11 12:16 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG
2013-01-11 12:16 - 2013-01-11 12:16 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-01-11 12:16 - 2013-01-11 12:12 - 00001121 ____A C:\Windows\wmsetup.log
2013-01-11 12:16 - 2011-02-10 17:13 - 00316640 ___AC C:\Windows\WMSysPr9.prx
2013-01-11 12:16 - 2011-02-10 17:13 - 00023392 ____A C:\Windows\System32\nscompat.tlb
2013-01-11 12:16 - 2011-02-10 17:13 - 00016832 ____A C:\Windows\System32\amcompat.tlb
2013-01-11 12:16 - 2011-02-10 08:28 - 00000000 ____D C:\Windows\security
2013-01-11 12:15 - 2011-02-10 08:41 - 00004161 ___AC C:\Windows\ODBCINST.INI
2013-01-11 12:14 - 2011-02-10 17:12 - 00000749 _RAHC C:\Windows\System32\cdplayer.exe.manifest
2013-01-11 12:14 - 2011-02-10 17:12 - 00000488 __RAH C:\Windows\System32\WindowsLogon.manifest
2013-01-11 12:14 - 2011-02-10 17:10 - 00000000 ____D C:\Program Files\Outlook Express
2013-01-11 12:14 - 2011-02-10 17:10 - 00000000 ____D C:\Program Files\Movie Maker
2013-01-11 12:14 - 2011-02-10 17:10 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-11 12:14 - 2004-08-04 05:00 - 00000539 ____A C:\Windows\win.ini
2013-01-11 12:13 - 2013-01-11 12:13 - 00001041 ____A C:\Windows\sessmgr.setup.log
2013-01-11 12:13 - 2013-01-11 11:52 - 00015038 ____A C:\Windows\FaxSetup.log
2013-01-11 12:13 - 2013-01-11 11:52 - 00014732 ____A C:\Windows\ocgen.log
2013-01-11 12:13 - 2013-01-11 11:52 - 00002790 ____A C:\Windows\netfxocm.log
2013-01-11 12:13 - 2013-01-11 11:52 - 00001646 ____A C:\Windows\MedCtrOC.log
2013-01-11 12:13 - 2013-01-11 11:52 - 00000927 ____A C:\Windows\msgsocm.log
2013-01-11 12:13 - 2011-02-10 17:08 - 00000000 ____D C:\Windows\System32\Com
2013-01-11 12:12 - 2013-01-11 12:12 - 00000120 ____A C:\Windows\DtcInstall.log
2013-01-11 12:12 - 2013-01-11 11:52 - 00010148 ____A C:\Windows\msmqinst.log
2013-01-11 12:12 - 2011-02-10 17:09 - 00022720 ___AC C:\Windows\System32\emptyregdb.dat
2013-01-11 12:11 - 2013-01-11 12:11 - 00000173 ____A C:\Windows\cmsetacl.log
2013-01-11 12:08 - 2013-01-11 11:52 - 00001494 ____A C:\Windows\regopt.log
2013-01-11 11:52 - 2004-08-04 05:00 - 00000231 ____A C:\Windows\system.ini
2013-01-11 11:51 - 2011-02-10 08:41 - 00000062 _ASHC C:\Documents and Settings\Default User\Local Settings\desktop.ini
2013-01-11 11:51 - 2011-02-10 08:41 - 00000062 __ASH C:\Documents and Settings\Default User\Application Data\desktop.ini
2013-01-11 11:51 - 2011-02-10 08:41 - 00000062 __ASH C:\Documents and Settings\All Users\Application Data\desktop.ini
2013-01-11 10:06 - 2013-01-11 10:00 - 00000000 ____D C:\Windows\tmp
2013-01-10 15:55 - 2013-01-10 15:55 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-01-10 15:55 - 2013-01-10 15:55 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-01-10 15:55 - 2013-01-10 15:52 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\4.pad
2013-01-10 15:55 - 2012-04-03 19:42 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-10 15:55 - 2012-04-03 19:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-10 15:55 - 2011-05-18 05:22 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-10 15:15 - 2013-01-10 08:24 - 00000000 __SHD C:\Windows\CSC
2013-01-10 08:14 - 2013-01-10 08:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
2013-01-10 07:39 - 2013-01-10 07:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
2013-01-10 07:07 - 2013-01-10 07:07 - 00003085 ____A C:\Documents and Settings\All Users\Application Data\BE.js
2013-01-10 07:07 - 2013-01-10 07:07 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
2013-01-10 07:07 - 2012-12-30 13:47 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ixha
2013-01-10 06:59 - 2011-06-27 07:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-01-02 12:32 - 2013-01-02 12:32 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Zaibt
2013-01-02 12:32 - 2013-01-02 12:32 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Moget
2013-01-02 12:31 - 2013-01-02 12:31 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ruqe
2013-01-02 12:31 - 2013-01-02 12:31 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Gyeno
2012-12-31 12:59 - 2012-10-18 18:18 - 00000000 ____D C:\Program Files\AVG
2012-12-31 12:59 - 2012-10-06 11:05 - 00000000 ____D C:\Program Files\Common Files\Java
2012-12-31 12:59 - 2012-07-07 15:29 - 00000000 ____D C:\Program Files\Common Files\LightScribe
2012-12-31 12:59 - 2012-07-07 12:21 - 00000000 ____D C:\Program Files\Common Files\Nero
2012-12-31 12:59 - 2011-11-25 13:11 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2012-12-31 12:59 - 2011-11-25 13:10 - 00000000 ____D C:\Program Files\AVS4YOU
2012-12-31 12:59 - 2011-11-23 18:52 - 00000000 ____D C:\Program Files\Aimersoft
2012-12-31 12:59 - 2011-11-23 15:02 - 00000000 ____D C:\Documents and Settings\Wlasniewski\My Documents\Cyberlink
2012-12-31 12:59 - 2011-11-01 13:16 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Desktop\NEW
2012-12-31 12:59 - 2011-10-27 13:01 - 00000000 ____D C:\Program Files\Bonjour
2012-12-31 12:59 - 2011-09-04 12:48 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-12-31 12:59 - 2011-07-31 12:54 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-12-31 12:59 - 2011-07-04 06:30 - 00000000 ____D C:\Documents and Settings\Wlasniewski\My Documents\My iPod
2012-12-31 12:59 - 2011-07-04 06:29 - 00000000 ____D C:\Program Files\Common Files\BSD
2012-12-31 12:59 - 2011-03-16 06:37 - 00000000 ____D C:\Program Files\Apple Software Update
2012-12-31 12:59 - 2011-03-16 06:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-12-31 12:59 - 2011-03-16 06:25 - 00000000 ____D C:\Program Files\Amazon
2012-12-31 12:59 - 2011-03-16 06:25 - 00000000 ____D C:\Documents and Settings\Wlasniewski\My Documents\My Kindle Content
2012-12-31 12:59 - 2011-02-23 14:20 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2012-12-31 12:59 - 2011-02-23 14:20 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2012-12-31 12:59 - 2011-02-19 14:26 - 00000000 ____D C:\Program Files\ATI Technologies
2012-12-31 12:59 - 2011-02-19 14:06 - 00000000 ____D C:\057fdcfdf366da90b2895ec50c47
2012-12-31 12:59 - 2011-02-18 20:29 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-12-31 12:59 - 2011-02-16 16:41 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-12-31 12:59 - 2011-02-16 16:41 - 00000000 ____D C:\Program Files\Adobe
2012-12-31 12:59 - 2011-02-10 20:23 - 00000000 ____D C:\Program Files\CONEXANT
2012-12-31 12:59 - 2011-02-10 20:21 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2012-12-31 12:59 - 2011-02-10 17:13 - 00000000 ____D C:\DELL
2012-12-31 12:59 - 2011-02-10 17:11 - 00000000 ____D C:\Program Files\Common Files\Services
2012-12-31 12:59 - 2011-02-10 17:11 - 00000000 ____D C:\Program Files\Common Files\MSSoap
2012-12-31 12:59 - 2011-02-10 17:09 - 00000000 ____D C:\Program Files\ComPlus Applications
2012-12-31 12:59 - 2011-02-10 08:41 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-12-31 12:59 - 2011-02-10 08:41 - 00000000 ____D C:\Program Files\Common Files\ODBC
2012-12-31 12:59 - 2011-02-10 08:41 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-31 12:44 - 2012-12-31 12:44 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Izwaur
2012-12-31 12:44 - 2012-12-31 12:44 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Biwaew
2012-12-30 14:11 - 2011-04-27 12:00 - 00000000 ____D C:\Program Files\Google
2012-12-30 14:09 - 2012-12-30 14:09 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2012-12-30 14:09 - 2012-12-30 14:09 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-12-30 14:08 - 2012-12-30 14:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-12-30 14:05 - 2011-08-12 22:58 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Skype
2012-12-30 14:01 - 2012-07-21 12:13 - 00000949 ____A C:\Windows\disney.ini
2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ydul
2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Ycny
2012-12-30 13:48 - 2012-12-30 13:48 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
2012-12-30 13:48 - 2012-12-30 13:48 - 00100880 ____A (CACE Technologies, Inc.) C:\Windows\System32\Packet.dll
2012-12-30 13:48 - 2012-12-30 13:48 - 00050704 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2012-12-30 13:47 - 2012-12-30 13:47 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Application Data\Qukeq
2012-12-30 13:34 - 2012-07-07 12:30 - 00000000 ____D C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\Ahead
2012-12-23 13:01 - 2012-12-17 18:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-23 13:01 - 2012-04-28 17:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-12-17 18:12 - 2011-02-16 16:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-01-11 12:24 - 024576 _restore{B4501A55-2217-4D11-8032-733B493019CB}\RP1


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 2046.37 MB
Available physical RAM: 1807.39 MB
Total Pagefile: 1876.99 MB
Available Pagefile: 1815.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:111.78 GB) (Free:77.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (FLASHDRIVE) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 32 KB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 112 GB Healthy
=========================================================
==================== End Of Log ============================

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 12-01-2013 at 21:12:58
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 2046.37 MB
Available physical RAM: 1836.37 MB
Total Pagefile: 1876.99 MB
Available Pagefile: 1820.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:111.78 GB) (Free:77.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (FLASHDRIVE) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 112 GB Healthy
======================================================================================================

****** End Of Log ******
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi,

Download the Following Tools and Save the Tools into a Flash Drive...
1. OTL by OldTimer
2. Malwarebytes Chameleon and extract it to a folder inside the Flash Drive.


  • Reboot your system using the boot CD you created before.
  • Wait for the CD to detect your hardware and load the operating system.
  • Your system should now display a Reatogo desktop
  • Insert the Flash Drive after you see the Reatogo desktop.
  • Now you need to start scan your computer using OTL and Malwarebytes Chameleon.
<hr />

How to Run a scan with OTL by OldTimer
<ol>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Click the<> Run Scan</> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL.png" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
<>Please post this 2 logs in your first reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>

<hr />


How to Run a scan with Malwarebytes Anti-Malware in Chamelon mode

<ol>
<li>Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.</li>
<li>If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window <em><>Note:</> Do not attempt to open <>mbam-killer</> as that is not a Chameleon executable and serves a different purpose)</em></li>
<li>Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for yo</li>
<li>Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click <>OK</> when it says that the database was updated successful</li>
<li>Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan</li>
<li>Upon completion of the scan, if anything has been detected, click on <>Show Result</></li>
<li>Have Malwarebytes Anti-Malware remove any threats that are detected and click <>Yes</> if prompted to reboot your computer to allow the removal process to complete</li>
<li>After your computer restarts, open <>Malwarebytes Anti-Malware</> and perform a Full System scan to verify that there are no remaining threats</li>
Please add both logs in your next reply.
</ol>

<hr />

What's next?

Add the following logs to your next post (You can find here details on how to use the Attachment System):
1. OTL Log
2. Malwarebytes Anti-Malware log
3. Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

<hr />
 
Last edited by a moderator:
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
kuttus said:
Hi,

Download the Following Tools and Save the Tools into a Flash Drive...
1. OTL by OldTimer
2. Malwarebytes Chameleon and extract it to a folder inside the Flash Drive.


  • Reboot your system using the boot CD you created before.
  • Wait for the CD to detect your hardware and load the operating system.
  • Your system should now display a Reatogo desktop
  • Insert the Flash Drive after you see the Reatogo desktop.
  • Now you need to start scan your computer using OTL and Malwarebytes Chameleon.
<hr />

How to Run a scan with OTL by OldTimer
<ol>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Click the<> Run Scan</> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL.png" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
<>Please post this 2 logs in your first reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>

<hr />


How to Run a scan with Malwarebytes Anti-Malware in Chamelon mode

<ol>
<li>Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.</li>
<li>If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window <em><>Note:</> Do not attempt to open <>mbam-killer</> as that is not a Chameleon executable and serves a different purpose)</em></li>
<li>Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for yo</li>
<li>Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click <>OK</> when it says that the database was updated successful</li>
<li>Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan</li>
<li>Upon completion of the scan, if anything has been detected, click on <>Show Result</></li>
<li>Have Malwarebytes Anti-Malware remove any threats that are detected and click <>Yes</> if prompted to reboot your computer to allow the removal process to complete</li>
<li>After your computer restarts, open <>Malwarebytes Anti-Malware</> and perform a Full System scan to verify that there are no remaining threats</li>
Please add both logs in your next reply.
</ol>

<hr />

What's next?

Add the following logs to your next post (You can find here details on how to use the Attachment System):
1. OTL Log
2. Malwarebytes Anti-Malware log
3. Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

<hr />
Click to expand...


I got on my desktop to do this and I plugged in my UBS Flash and the computer was not recognizing it in any port (even the ones on the back of the tower) and so I read online to uninstall the USB controllers in the device manager and they will reset but I started to uninstall the drivers and it uninstalled the mouse and keybored drivers so neither of them work. I am using the Konqueror browswer from the Kaspersky Rescue Disk on my laptop. I'm trying to find out how to get my keyboard and mouse working on my desktop. I saved the OTL and the malwarebites on my flashdrive using this konqueror browser on the KRD10 but when I open them, it asks me what do I use to open it. What do I do?
 
Last edited by a moderator:
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
kuttus said:
Hi,

Download the Following Tools and Save the Tools into a Flash Drive...
1. OTL by OldTimer
2. Malwarebytes Chameleon and extract it to a folder inside the Flash Drive.


  • Reboot your system using the boot CD you created before.
  • Wait for the CD to detect your hardware and load the operating system.
  • Your system should now display a Reatogo desktop
  • Insert the Flash Drive after you see the Reatogo desktop.
  • Now you need to start scan your computer using OTL and Malwarebytes Chameleon.
<hr />

How to Run a scan with OTL by OldTimer
<ol>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Click the<> Run Scan</> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL.png" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
<>Please post this 2 logs in your first reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>

<hr />


How to Run a scan with Malwarebytes Anti-Malware in Chamelon mode

<ol>
<li>Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.</li>
<li>If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window <em><>Note:</> Do not attempt to open <>mbam-killer</> as that is not a Chameleon executable and serves a different purpose)</em></li>
<li>Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for yo</li>
<li>Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click <>OK</> when it says that the database was updated successful</li>
<li>Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan</li>
<li>Upon completion of the scan, if anything has been detected, click on <>Show Result</></li>
<li>Have Malwarebytes Anti-Malware remove any threats that are detected and click <>Yes</> if prompted to reboot your computer to allow the removal process to complete</li>
<li>After your computer restarts, open <>Malwarebytes Anti-Malware</> and perform a Full System scan to verify that there are no remaining threats</li>
Please add both logs in your next reply.
</ol>

<hr />

What's next?

Add the following logs to your next post (You can find here details on how to use the Attachment System):
1. OTL Log
2. Malwarebytes Anti-Malware log
3. Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

<hr />
Click to expand...


Hello again. I fixed my keyboard and mouse problem on my desktop. I put the OTL and Chameleon programs on my flashdrive, started the computer with the disk we made and tried to run the OTL. it said "the application has failed to start because framedyn.dll was not found". i tried the other 2 links for OTL and they all said the same thing. I then tried the chameleon and all 12 links would not work. I noticed the wifi on my laptop was not working so I hooked it to an ethernet and got on the internet and tried it again but all 12 links still would not work. I was looking around all the programs on that disk and noticed the OTL was there so I tried it and it worked so I will attach the txt file.
 

Attachments

  • OTL.txt
    151.6 KB · Views: 142
Last edited by a moderator:
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Please Run the below OTL fix once
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code: 
:Files
C:\WINDOWS\Temp\temp35.exe
C:\Documents and Settings\Wlasniewski\Application Data\Qukeq
C:\Documents and Settings\Wlasniewski\Application Data\Ycny
C:\Documents and Settings\Wlasniewski\Application Data\Ydul
C:\Documents and Settings\Wlasniewski\Application Data\Izwaur
C:\Documents and Settings\Wlasniewski\Application Data\Biwaew
C:\Documents and Settings\Wlasniewski\Application Data\Gyeno
C:\Documents and Settings\Wlasniewski\Application Data\Ruq
C:\Documents and Settings\Wlasniewski\Application Data\Moget
C:\Documents and Settings\Wlasniewski\Application Data\Zaibt
C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
C:\Documents and Settings\Wlasniewski\Application Data\54AC83
C:\Documents and Settings\Wlasniewski\Application Data\Talo
C:\Documents and Settings\Wlasniewski\Application Data\Ugnig
C:\Documents and Settings\Wlasniewski\Application Data\Ciux
C:\Documents and Settings\Wlasniewski\Application Data\Vumyna
C:\Documents and Settings\Wlasniewski\Application Data\Xayg
C:\Documents and Settings\All Users\Application Data\BE.js
C:\Documents and Settings\All Users\Application Data\BE.pad
C:\Documents and Settings\All Users\Application Data\4.pad
C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\Ahead\3DVIA\smjoebg.dll
C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479\eeaeadcaeed.exe
C:\Documents and Settings\Wlasniewski\Application Data\pcouffin.sys
C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\dt.dat
C:\Documents and Settings\Wlasniewski\Application Data\default.pls
c:\Documents and Settings\Wlasniewski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[Reboot]
<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />
 
Last edited by a moderator:
M

melissawski

New Member
Thread author
Verified
Jan 11, 2013
31
kuttus said:
Please Run the below OTL fix once
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code: 
:Files
C:\WINDOWS\Temp\temp35.exe
C:\Documents and Settings\Wlasniewski\Application Data\Qukeq
C:\Documents and Settings\Wlasniewski\Application Data\Ycny
C:\Documents and Settings\Wlasniewski\Application Data\Ydul
C:\Documents and Settings\Wlasniewski\Application Data\Izwaur
C:\Documents and Settings\Wlasniewski\Application Data\Biwaew
C:\Documents and Settings\Wlasniewski\Application Data\Gyeno
C:\Documents and Settings\Wlasniewski\Application Data\Ruq
C:\Documents and Settings\Wlasniewski\Application Data\Moget
C:\Documents and Settings\Wlasniewski\Application Data\Zaibt
C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479
C:\Documents and Settings\Wlasniewski\Application Data\54AC83
C:\Documents and Settings\Wlasniewski\Application Data\Talo
C:\Documents and Settings\Wlasniewski\Application Data\Ugnig
C:\Documents and Settings\Wlasniewski\Application Data\Ciux
C:\Documents and Settings\Wlasniewski\Application Data\Vumyna
C:\Documents and Settings\Wlasniewski\Application Data\Xayg
C:\Documents and Settings\All Users\Application Data\BE.js
C:\Documents and Settings\All Users\Application Data\BE.pad
C:\Documents and Settings\All Users\Application Data\4.pad
C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\Ahead\3DVIA\smjoebg.dll
C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479\eeaeadcaeed.exe
C:\Documents and Settings\Wlasniewski\Application Data\pcouffin.sys
C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\dt.dat
C:\Documents and Settings\Wlasniewski\Application Data\default.pls
c:\Documents and Settings\Wlasniewski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[Reboot]
<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />
Click to expand...


did the otl fix and attached the results. when i rebooted the laptop it still says "lsass.exe error".
 

Attachments

  • otlfix1.rtf
    5.5 KB · Views: 154
Last edited by a moderator:

Similar threads

snaps12
  • Locked
Hello my daughter got the oneetx virus.
Replies
2
Views
370
Windows Malware Removal Help & Support
nasdaq
nasdaq
Trustless
    • +Reputation
  • Locked
Trouble Removing a Chrome Redirecting Type Malware/Adware
Replies
4
Views
628
Windows Malware Removal Help & Support
nasdaq
nasdaq
D
  • Locked
Need Help Removing Malware Chrome Extension "QuantumNeonious" which is unremovable
Replies
1
Views
384
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top