  #19  
March 12th, 2012, 04:18 PM
lcyber
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
OTL logfile created on: 12/03/2012 15:11:18 - Run 6
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\user\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.24 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 69.61% Memory free
6.48 Gb Paging File | 5.52 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.59 Gb Total Space | 50.39 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 88.84 Gb Free Space | 59.62% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 18:06:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/02/23 16:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/02/23 16:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/04/29 09:30:27 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:30:22 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport MS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/23 16:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/23 16:23:20 | 000,131,288 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/24 21:02:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/02/23 16:13:00 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/02/23 16:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 16:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 16:12:01 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/02/23 16:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/02/23 16:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/02/23 16:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 16:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/02/23 16:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 15:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2011/12/15 17:08:25 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/07 21:30:22 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\Rapport MS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/11/26 18:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E BE F8 A7 D1 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=941f3c7e0000000000001c6f65705093
IE - HKCU\..\SearchScopes\{80D0D368-780B-4BAE-8A6B-C8EC832E474B}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
IE - HKCU\..\SearchScopes\{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2011/03/30 22:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/11/24 10:30:57 | 000,435,628 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15020 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA66059-73EF-43F1-ADBA-DA389CBA88B4}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 22:24:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C9FAFBF7-1251-4DCD-B636-5767CD32FD11}
[2012/03/11 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4AC7154F-5A52-4CB5-B831-3BA4E982C10C}
[2012/03/11 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9F1259C4-9C12-4E15-BE95-F23DDE33D278}
[2012/03/11 10:23:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{89004AA8-DC03-4F5A-B315-D3B49113F7CF}
[2012/03/10 17:47:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{AABCA0F8-D5ED-4425-B349-C8A3F16569E9}
[2012/03/10 17:47:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5335E2AA-CED8-457D-B3A5-FFBB5CC6E396}
[2012/03/10 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/03/09 18:38:18 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/03/09 18:06:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/03/09 10:26:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DA1E9E60-797C-4283-A20F-8648299EA165}
[2012/03/09 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{35DF1A4A-8BD7-44A5-B65C-E6CA0071BEFE}
[2012/03/08 22:25:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{69DFEBCC-E8B7-4C57-B683-970BE4BC4AC4}
[2012/03/08 22:25:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8339C240-4BDC-4F94-941E-40AA1ACFF344}
[2012/03/08 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F92F8E4B-4808-4C01-9E94-C53C8D882674}
[2012/03/08 10:13:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E1335FFC-4830-43D7-89A9-9B6EF53414BB}
[2012/03/07 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{16F63384-0076-43D7-91E7-30769D8F3167}
[2012/03/07 19:57:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{43DC44C4-132D-4A00-B0C8-E175BF52EF54}
[2012/03/07 07:57:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{608FB246-6958-47A2-A40F-57953F587B14}
[2012/03/07 07:56:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{821FC202-64F7-469B-8B92-7CCE5AF25741}
[2012/03/06 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7AC9A0BB-3E42-412E-8E7A-1ACC7E3A21E0}
[2012/03/06 19:56:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CF23559D-1F81-4676-BD03-3A695FE3E2D3}
[2012/03/05 10:03:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FA635762-6615-4D3F-887C-BECF2E44FF8E}
[2012/03/05 10:03:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{668F35D9-A6C1-43FF-B797-49ED1A9852A7}
[2012/03/04 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DB475305-833D-4329-BF24-CC60B975C2DE}
[2012/03/04 19:44:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E882BBE5-133B-48D1-AD7C-DEB3765B8D75}
[2012/03/03 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1EBE75B2-02B7-4774-95FB-92EB2B3AF5DE}
[2012/03/03 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9537AC29-30CE-47D3-8100-38F68E18A0BD}
[2012/03/02 09:19:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0FA9E24D-2FFE-4328-824B-8B731022771F}
[2012/03/02 09:16:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8100A53C-E583-4CA2-BFAC-3C5943B232EF}
[2012/03/01 13:25:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6E9BD210-BA5F-412D-8797-99ADB5BA1541}
[2012/02/29 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDE186F0-A2C0-43F1-9FE9-FC7757339702}
[2012/02/29 11:06:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BD26CDAD-9DEA-47F9-86F8-6EC98008B8B1}
[2012/02/29 10:03:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{910DA632-52A8-4FB3-A072-254557E2BEF9}
[2012/02/28 12:21:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C7D887DA-B3C1-458C-B44C-8A6D67967EFC}
[2012/02/28 12:19:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{601D1C18-4E8D-4F37-8D3D-1CA800B02406}
[2012/02/27 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0768F8BA-2E56-473C-9534-CA4C36E3BD18}
[2012/02/27 10:55:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DF4295B0-B346-4AD8-99D0-DF269AE912B2}
[2012/02/27 10:53:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D66843BB-D3DB-4EC4-8A8F-2B12F4E9C6DD}
[2012/02/26 23:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/26 14:36:31 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/26 14:36:23 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/26 14:36:23 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/26 14:36:22 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/26 14:36:13 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/26 14:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/02/25 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/02/25 15:40:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/25 10:58:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{862BA5EA-5C25-4841-B821-DCFF08A4BD9C}
[2012/02/25 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9C623E93-9C34-4FAA-A84F-E698A76B7371}
[2012/02/24 22:52:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4C5BA1B9-36F2-4BA7-8FB7-E1BB8B0750BC}
[2012/02/24 22:48:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5D3E62C3-9F1C-46A3-9CE8-B8DE0E293A12}
[2012/02/24 10:46:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E9C36EA1-39CE-4439-B490-477661718972}
[2012/02/24 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{279880F5-E319-493F-A58B-091410369B51}
[2012/02/23 00:04:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{41B87861-D1A2-4142-A16A-674F705002AB}
[2012/02/22 10:59:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3CBE3852-AEA4-475B-A802-199415AE34C2}
[2012/02/22 10:56:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BB286382-FD44-40A6-B15D-ED3859DC7A68}
[2012/02/22 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{10CB6142-4192-4BD0-AA58-98704F50949A}
[2012/02/22 09:39:38 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop\Documents
[2012/02/21 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{570CC288-8339-4914-9CFE-8C33B2E8D0AA}
[2012/02/21 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C7D2A034-1E4D-4D05-96E8-1590DA19A666}
[2012/02/20 22:39:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A208CEA4-A1B7-4BAD-B59E-4C0470CC7004}
[2012/02/20 22:36:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{43CDAA4E-1F09-4856-B456-0705CBDBBD39}
[2012/02/20 10:16:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4878EDD7-FF70-4321-A408-01C41CD39EB1}
[2012/02/20 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D69D5E5D-91A9-40C8-958B-4BB96901CB3E}
[2012/02/19 12:19:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{25E4B0C9-BE3B-49AC-B78B-8BA17E35C45B}
[2012/02/19 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2C5483C2-8871-441C-A206-CB9B64C615DC}
[2012/02/19 11:47:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{708AE14F-271C-408D-B90A-706ADCC21044}
[2012/02/19 11:44:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E644214C-F9B7-4CB3-8C80-659B56E88C54}
[2012/02/18 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{600F4E39-5395-4BA4-9B61-39FBB32E667C}
[2012/02/18 14:20:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E410266B-4EC4-4CC3-87CE-848084A78A20}
[2012/02/18 10:24:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{04CA8653-8E22-470E-A07B-4369433163E6}
[2012/02/17 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{91264309-1AEF-418A-BD31-82B5EBC978CF}
[2012/02/17 21:35:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D5D07503-E0FC-4654-B2FC-703A999095A4}
[2012/02/17 09:32:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{887BE49B-933D-43DC-8001-893A7531AB5B}
[2012/02/17 09:30:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3BD7972A-0E0F-4132-9ED6-AA37D2E69683}
[2012/02/16 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{43537686-557C-41ED-B838-469CC2C7B853}
[2012/02/16 11:41:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2785C88E-FBCD-40CB-9828-654F950E39BB}
[2012/02/15 23:59:31 | 000,000,000 | ---D | C] -- C:\7073191d4d97e081ba
[2012/02/15 23:56:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 23:56:55 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 23:56:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 23:56:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 23:56:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 23:56:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 23:09:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D906312E-AE81-45DE-BABB-E90863C77027}
[2012/02/15 23:07:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{045834BD-8C7F-46F6-8C6F-03FCF49F7C38}
[2012/02/15 11:04:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5897F63A-B45F-4000-84A7-D49E53B195B3}
[2012/02/15 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{13CA3830-FCA8-4BDA-B20D-E7E557CC59A8}
[2012/02/15 10:29:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/15 10:29:06 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 22:58:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2E3DEF7E-B0ED-44FE-8D18-297C3FC721BB}
[2012/02/14 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{22CDB7DB-F3BE-4B97-89E5-9328BF0DDA33}
[2012/02/14 10:51:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A9FA6247-60AF-4DB6-9545-7187566C39D6}
[2012/02/14 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C0A46B89-3382-42B9-ABE1-8144FA870244}
[2012/02/13 22:45:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4A12D88E-F24E-46C8-B719-05E01ECDD6AE}
[2012/02/13 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{29FCBC15-B09E-4130-929A-4218BE7CDA56}
[2012/02/13 10:39:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5BCF7112-ED73-41A3-86A7-80E70755E340}
[2012/02/13 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{28032CD7-B97C-4791-9CD7-E2178880A05E}
[2012/02/12 12:04:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{92E2EE54-EB07-4AD6-88CB-36BFA975883A}
[2012/02/12 12:02:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{58B0CACA-8255-4ACA-B621-C6CA699031FD}

========== Files - Modified Within 30 Days ==========

[2012/03/12 15:09:12 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 15:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 15:07:02 | 2608,979,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 15:05:02 | 000,001,402 | ---- | M] () -- C:\Users\user\Desktop\fixer.reg
[2012/03/12 14:50:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 09:19:37 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 09:19:37 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 10:18:38 | 000,000,317 | ---- | M] () -- C:\Users\user\Desktop\cfgcheck.bat
[2012/03/11 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/03/10 17:37:19 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/03/10 16:55:58 | 000,002,430 | ---- | M] () -- C:\Users\user\Desktop\uninstall_list 2
[2012/03/10 16:55:34 | 000,001,999 | ---- | M] () -- C:\Users\user\Desktop\HijackThis.lnk
[2012/03/09 18:38:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/03/09 18:11:54 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\ewqnp886.exe
[2012/03/09 18:06:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/03/08 20:51:02 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/03 16:47:58 | 000,008,238 | ---- | M] () -- C:\Users\user\Desktop\Documents\chinese girl singin.odt
[2012/03/03 16:47:27 | 000,008,238 | ---- | M] () -- C:\Users\user\Desktop\Documents\Untitled 1.odt
[2012/02/29 11:05:52 | 000,013,193 | ---- | M] () -- C:\Users\user\Desktop\Documents\Complaint british gas.odt
[2012/02/26 14:36:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/26 14:32:32 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/25 15:40:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 16:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 16:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 16:13:00 | 000,112,984 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/23 16:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 16:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 16:12:01 | 000,196,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/23 16:11:24 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/23 16:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/23 16:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 16:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 16:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 15:54:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/23 00:38:04 | 000,007,635 | ---- | M] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2012/02/22 18:00:55 | 000,096,983 | ---- | M] () -- C:\Users\user\Desktop\Documents\heliconia 3.jpg
[2012/02/22 17:54:15 | 000,061,274 | ---- | M] () -- C:\Users\user\Desktop\Documents\heliconia 2.jpg
[2012/02/22 12:03:52 | 000,254,154 | ---- | M] () -- C:\Users\user\Desktop\Documents\heliconia.jpg
[2012/02/22 11:35:30 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/22 11:35:30 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/19 12:29:21 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/16 10:08:25 | 000,284,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/12 15:05:02 | 000,001,402 | ---- | C] () -- C:\Users\user\Desktop\fixer.reg
[2012/03/11 10:18:38 | 000,000,317 | ---- | C] () -- C:\Users\user\Desktop\cfgcheck.bat
[2012/03/10 16:55:58 | 000,002,430 | ---- | C] () -- C:\Users\user\Desktop\uninstall_list 2
[2012/03/10 16:53:35 | 000,001,999 | ---- | C] () -- C:\Users\user\Desktop\HijackThis.lnk
[2012/03/09 18:57:14 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/03/09 18:11:54 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\ewqnp886.exe
[2012/03/03 16:47:56 | 000,008,238 | ---- | C] () -- C:\Users\user\Desktop\Documents\chinese girl singin.odt
[2012/03/03 16:47:25 | 000,008,238 | ---- | C] () -- C:\Users\user\Desktop\Documents\Untitled 1.odt
[2012/02/29 11:05:50 | 000,013,193 | ---- | C] () -- C:\Users\user\Desktop\Documents\Complaint british gas.odt
[2012/02/26 23:08:50 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/26 14:32:32 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/25 15:40:35 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 15:40:34 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 17:55:47 | 000,096,983 | ---- | C] () -- C:\Users\user\Desktop\Documents\heliconia 3.jpg
[2012/02/22 12:09:54 | 000,061,274 | ---- | C] () -- C:\Users\user\Desktop\Documents\heliconia 2.jpg
[2012/02/22 11:56:59 | 000,254,154 | ---- | C] () -- C:\Users\user\Desktop\Documents\heliconia.jpg
[2011/11/30 15:46:24 | 000,017,828 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011/11/25 19:19:22 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/09/10 21:53:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/10 21:53:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/10 21:53:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/06 19:08:46 | 000,007,635 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2011/08/04 08:25:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/04 08:25:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/25 19:51:46 | 000,002,712 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/07/25 19:51:46 | 000,001,392 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/06/15 09:50:22 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/06/06 20:06:53 | 000,000,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\ohvoiryn.bat
[2011/02/28 11:48:11 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/02/28 11:48:11 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/02/13 21:36:11 | 000,006,656 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/08 16:09:10 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1069 bytes -> C:\Users\Public\Documents\Statin users hav