OTL logfile created on: 2012-03-18 01:17:23 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Nina\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
894,43 Mb Total Physical Memory | 302,97 Mb Available Physical Memory | 33,87% Memory free
1,87 Gb Paging File | 0,77 Gb Available in Paging File | 41,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,96 Gb Total Space | 40,21 Gb Free Space | 75,92% Space Free | Partition Type: NTFS
Drive D: | 58,72 Gb Total Space | 29,38 Gb Free Space | 50,03% Space Free | Partition Type: NTFS
Computer Name: NINA-KOMPUTER | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-03-18 01:16:26 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Downloads\OTL.exe
PRC - [2012-03-17 18:33:14 | 000,529,408 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\gnzz.exe
PRC - [2012-03-17 18:33:13 | 000,106,496 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\ozxej.exe
PRC - [2012-02-02 15:55:22 | 003,209,216 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2011-11-16 20:34:25 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011-05-11 15:31:24 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-05-06 16:13:32 | 000,340,568 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_services.exe
PRC - [2010-05-06 16:13:28 | 000,517,720 | ---- | M] (MkS Sp. z o.o.) -- C:\Program Files\mks_vir_9\bin\mks_mail.exe
PRC - [2010-05-06 16:13:26 | 001,185,152 | ---- | M] (Mks Sp. z o.o.) -- C:\Program Files\mks_vir_9\bin\mks_9.exe
PRC - [2010-01-15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-03-18 00:04:27 | 000,045,568 | ---- | M] () -- C:\Users\Nina\AppData\Local\Temp\FCF4.tmp
MOD - [2012-03-18 00:04:27 | 000,020,480 | ---- | M] () -- C:\Users\Nina\AppData\Local\Temp\FE1E.tmp
MOD - [2012-03-17 18:33:14 | 000,529,408 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\gnzz.exe
MOD - [2012-03-17 18:33:13 | 000,106,496 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\ozxej.exe
MOD - [2010-05-06 16:12:12 | 000,282,880 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_ui.dll
MOD - [2010-05-06 16:12:06 | 000,233,448 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_reports.dll
MOD - [2010-05-06 16:11:58 | 000,287,000 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_kwar.dll
MOD - [2010-05-06 16:11:56 | 000,093,360 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_ipc.dll
MOD - [2010-05-06 16:11:32 | 000,505,368 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_ctrl_help.dll
MOD - [2010-05-06 16:11:24 | 000,254,048 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_config.dll
MOD - [2010-05-06 16:11:22 | 000,723,720 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_api.dll
MOD - [2010-05-06 16:11:14 | 000,171,640 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\common.dll
MOD - [2010-02-16 01:02:42 | 000,076,816 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\libdigest.dll
MOD - [2009-04-06 23:16:08 | 000,068,568 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mksscanp.dll
MOD - [2009-04-06 23:16:02 | 000,192,176 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\libcrypto.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-05-06 16:13:32 | 000,340,568 | ---- | M] () [Auto | Running] -- C:\Program Files\mks_vir_9\bin\mks_services.exe -- (mks_services)
SRV - [2010-01-15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-07-14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007-05-31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-11-25 20:28:21 | 000,018,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\mksidsf.sys -- (mksidsf)
DRV - [2010-11-20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010-11-20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-08-12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010-07-04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010-05-06 16:10:38 | 000,022,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\mksfwallt.sys -- (mksfwallt)
DRV - [2010-05-06 16:10:36 | 000,020,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\mksfwallf.sys -- (mksfwallf)
DRV - [2010-03-01 19:17:46 | 000,118,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\mks_vir_9\bin\mksmonev.sys -- (MksMonEv)
DRV - [2010-02-16 01:01:56 | 000,366,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\mks_vir_9\bin\mksmonen.sys -- (MksMonEn)
DRV - [2010-02-09 16:56:58 | 000,032,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\mks_vir_9\bin\mksmonfd.sys -- (MksMonFd)
DRV - [2009-10-09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-07-13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009-04-29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008-10-03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59010

[color=#E56717]========== FireFox ==========[/color]
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-02 17:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011-11-28 21:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2012-01-27 09:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-18 21:03:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-03-02 17:09:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-03-02 17:09:53 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-03-02 17:09:53 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-03-02 17:09:53 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-03-02 17:09:53 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-03-02 17:09:53 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-03-02 17:09:53 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-03-17 18:34:51 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [GRZqXwkUVlBz0c18234A] C:\Windows\system32\Cloud AV 2012v121.exe File not found
O4 - HKLM..\Run: [mks_9] C:\Program Files\mks_vir_9\bin\mks_9.exe (Mks Sp. z o.o.)
O4 - HKLM..\Run: [Mks_mail] C:\Program Files\mks_vir_9\bin\mks_mail.exe (MkS Sp. z o.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart File not found
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O15 - HKCU\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B6621EE-CB75-44F9-9CF7-C25CBD2EC09B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Nina\AppData\Roaming\A0326\149A3.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-03-17 18:35:03 | 000,000,000 | ---D | C] -- C:\MkSKwar
[2012-03-15 18:40:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-03-15 18:39:58 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-03-14 14:40:14 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-03-14 14:40:11 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012-03-14 14:39:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012-03-14 14:39:02 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012-03-14 14:39:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012-03-14 14:38:59 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012-03-08 16:12:45 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\.minecraft
[2012-03-02 17:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2012-03-02 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2012-02-28 09:26:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-02-28 09:26:05 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-02-28 09:26:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-02-28 09:26:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-02-28 09:26:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-02-28 09:25:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-02-27 23:46:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-03-18 00:11:09 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-18 00:11:09 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-18 00:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-18 00:03:39 | 703,401,984 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-17 18:51:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\F00001.cab
[2012-03-17 18:34:51 | 000,000,761 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-03-17 18:33:14 | 000,529,408 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\gnzz.exe
[2012-03-17 18:33:13 | 000,106,496 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\ozxej.exe
[2012-03-17 15:11:48 | 000,036,403 | ---- | M] () -- C:\Users\Nina\Desktop\wioooo.wma
[2012-03-15 19:03:57 | 000,265,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-03-02 17:20:57 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Ares.lnk
[2012-02-28 09:36:16 | 000,697,912 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-02-28 09:36:16 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-02-28 09:36:16 | 000,134,990 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-02-28 09:36:16 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-02-23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012-02-17 05:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-03-17 18:33:35 | 000,106,496 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\ozxej.exe
[2012-03-17 18:33:15 | 000,529,408 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\gnzz.exe
[2012-03-17 15:11:47 | 000,036,403 | ---- | C] () -- C:\Users\Nina\Desktop\wioooo.wma
[2012-03-02 17:20:57 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Ares.lnk
[2011-11-25 20:36:53 | 000,018,776 | ---- | C] () -- C:\Windows\System32\mksidsf.sys
[2011-11-24 14:38:30 | 000,001,207 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\ahst.lni
[2011-11-16 11:10:27 | 000,000,837 | ---- | C] () -- C:\Windows\WINCMD.INI
[2011-11-15 20:53:38 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011-02-04 14:37:40 | 000,697,912 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2011-02-04 14:37:40 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2011-02-04 14:37:40 | 000,134,990 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2011-02-04 14:37:40 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2010-05-06 16:10:38 | 000,022,392 | ---- | C] () -- C:\Windows\System32\mksfwallt.sys
[2010-05-06 16:10:36 | 000,020,856 | ---- | C] () -- C:\Windows\System32\mksfwallf.sys

< End of report >