I might have keyloggers...

CalypzeCalypze Stockholm, Sweden
edited December 2007 in Spyware & Virus Removal
I've used a little program called KL-Detector v1.3 (available here) and it happened to find some stuff. This program is reportedly prone to false positives and appears to be a few years old (I doubt it is made for Vista). It only detects, it doesn't remove anything. Yet I'd like to know if what it found is anything illegitimate. I strongly feel that at least some of the reported stuff are fine, but about some of the other, I don't know. The programs I were using in the test were Notepad and Mozilla Firefox. Here are the detector's reports:
KL-Detector has found some suspicious files:
C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
C:\WINDOWS\System32\config\SOFTWARE
C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
C:\WINDOWS\System32\wbem\repository\INDEX.BTR
C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\
C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\
C:\WINDOWS\System32\config\
C:\WINDOWS\System32\wbem\repository\
C:\WINDOWS\
C:\WINDOWS\Temp\
C:\WINDOWS\Prefetch\
Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Recent\ReadMe.txt (2).lnk
was created.

C:\Users\Johan\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120920071210\index.dat
was modified.

C:\WINDOWS\Temp\TMP00000041FB569A916CD48876
was created.

C:\WINDOWS\Temp\TMP00000041FB569A916CD48876
was modified.

C:\WINDOWS\Temp
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Mozilla Firefox\update.test
was created.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\ntuser.dat.LOG1
was modified.

C:\Users\Johan\ntuser.dat
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\WINDOWS\Prefetch\FIREFOX.EXE-E60C0AA7.pf
was modified.

C:\WINDOWS\Prefetch\FIREFOX.EXE-E60C0AA7.pf
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\SiteAdvisor\asserts.txt
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\cookies-1.txt
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\urlclassifier2.sqlite-journal
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\usxnfro2.default\Cache\C260130Dd01
was created.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\usxnfro2.default\Cache
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\usxnfro2.default\Cache\C260130Dd01
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\urlclassifier2.sqlite-journal
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\urlclassifier2.sqlite-journal
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\Temp\MpCmdRun.log
was created.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
was modified.

C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.xml
was modified.

C:\WINDOWS\Temp\TMP0000004275866AC5997CF932
was created.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\Temp\TMP0000004275866AC5997CF932
was modified.

C:\WINDOWS\Temp\TMP0000004275866AC5997CF932
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.xml
was modified.

C:\WINDOWS\SoftwareDistribution\AuthCabs\authcab.cab
was modified.

C:\WINDOWS\System32\config\SYSTEM.LOG1
was modified.

C:\WINDOWS\System32\config\SYSTEM
was modified.

C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab.bak
was created.

C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab.bak
was modified.

C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.xml
was modified.

C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab
was modified.

C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.xml
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\WINDOWS\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
was modified.

C:\WINDOWS\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
was modified.

C:\WINDOWS\Prefetch\WMIPRVSE.EXE-43972D0F.pf
was modified.

C:\WINDOWS\Prefetch\WMIPRVSE.EXE-43972D0F.pf
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\WindowsUpdate.log
was modified.

C:\WINDOWS\Temp\MpCmdRun.log
was modified.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\SERVIC~2\NETWOR~1\AppData\Local\Temp
was modified.

C:\WINDOWS\Temp\TMP000000436A8499F2BA5F8469
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1
was modified.

C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\Logs\CBS\CBS.log
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\history.dat
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\usxnfro2.default\Cache\_CACHE_001_
was modified.

C:\Users\Johan\ntuser.dat.LOG1
was modified.

C:\Users\Johan\ntuser.dat
was modified.

C:\Users\Johan\ntuser.dat
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\Users\Johan\ntuser.dat.LOG1
was modified.

C:\Users\Johan\ntuser.dat
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js.moztmp
was removed.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\Internet Logs
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\Temp\TMP00000044488F20F02A6E70B1
was created.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\Temp\TMP00000044488F20F02A6E70B1
was removed.

C:\WINDOWS\Temp\TMP000000457F0D16057EA073D2
was created.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\Temp\TMP000000457F0D16057EA073D2
was removed.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1
was modified.

C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was created.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
was modified.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
was modified.

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was modified.

C:\WINDOWS\Temp\TMP0000004659CEA0B805187D5E
was removed.

C:\WINDOWS\Temp\TMP000000472AAD80F9ED447993
was created.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\WINDOWS\Internet Logs\bu_tosave.rdb
was created.

C:\WINDOWS\Internet Logs\bu_todelete.rdb
was modified.

C:\WINDOWS\Internet Logs\bu_todelete.rdb
was modified.

C:\WINDOWS\Internet Logs
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\Temp\TMP000000472AAD80F9ED447993
was removed.

C:\WINDOWS\Temp\TMP00000048FED47A87B91E0981
was created.

C:\WINDOWS\Temp
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\WINDOWS\Temp\TMP00000048FED47A87B91E0981
was removed.

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{056C2D2B-0EF6-4672-8DD4-98F1C2B5EA29}
was created.

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick
was modified.

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{056C2D2B-0EF6-4672-8DD4-98F1C2B5EA29}
was modified.

C:\WINDOWS\Temp\TMP000000436A8499F2BA5F8469
was removed.

C:\WINDOWS\SERVIC~2\NETWOR~1\AppData\Local\Temp\MpCmdRun-BB-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
was removed.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\Temp
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\WINDOWS\Logs\CBS\CBS.log
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\Users\Johan\AppData\Local\Temp\zr-rxrze.tmp
was created.

C:\Users\Johan\AppData\Local\Temp
was modified.

C:\Users\Johan\AppData\Local\Temp
was modified.

C:\Users\Johan\AppData\Local\Temp
was modified.

C:\Users\Johan\AppData\Local\Temp\zr-rxrze.out
was removed.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\Prefetch\TASKENG.EXE-5BAF290C.pf
was modified.

C:\WINDOWS\Prefetch\TASKENG.EXE-5BAF290C.pf
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\Prefetch\Layout.ini
was modified.

C:\Users\Johan\AppData\Local\Temp
was modified.

C:\WINDOWS\Internet Logs\tvDebug.log
was modified.

C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.002
was modified.

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
was modified.

C:\WINDOWS\WindowsUpdate.log
was modified.

C:\WINDOWS\Prefetch\Layout.ini
was modified.

C:\WINDOWS\Prefetch\Layout.ini
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING2.MAP
was modified.

C:\WINDOWS\System32\config\SOFTWARE.LOG1
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\config\SOFTWARE
was modified.

C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA
was modified.

C:\WINDOWS\System32\wbem\repository\INDEX.BTR
was modified.

C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\usxnfro2.default\XUL.mfl
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\prefs-1.js
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\sessionstore.js
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default
was modified.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\parent.lock
was removed.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\localstore-1.rdf
was created.

C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\usxnfro2.default\localstore-1.rdf
was modified.

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\usxnfro2.default\Cache\_CACHE_MAP_
was modified.
Sign In or Register to comment.