Below are some file operations that were done during the monitoring process. Review them carefully and check for suspicious files. C:\Users\Iuli\ntuser.dat.LOG1 was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf was modified. C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf was modified. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\620 was removed. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. E:\pnp\mirc.ini was modified. C:\Users\Iuli\ntuser.dat.LOG1 was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. E:\pnp\CONFIG\default\CONFIG.INI was modified. E:\pnp\CONFIG\default\srv.rct was modified. E:\pnp\CONFIG\default\srv.rct was modified. E:\pnp\mirc.ini was modified. E:\pnp\mirc.ini was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. E:\pnp\CONFIG\default\chan.rct was modified. E:\pnp\CONFIG\default\topic.lis was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\ntuser.dat.LOG1 was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Windows\Temp\PR17B5.tmp was created. C:\Windows\Temp\PR17B5.tmp was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat was modified. C:\Users\Iuli\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics\cmls_ms.tlv.tmp was created. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics was modified. C:\Users\Iuli\ntuser.dat.LOG1 was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Windows\Temp\PRF69A.tmp was removed. C:\Windows\Temp was modified. C:\Windows\Temp was modified. C:\Windows\Temp\PR622D.tmp was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Local\Mozilla\Firefox\Profiles\7e1f4kuy.default\urlclassifier3.sqlite-journal was created. C:\Users\Iuli\AppData\Local\Mozilla\Firefox\Profiles\7e1f4kuy.default was modified. C:\Users\Iuli\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XS4ZVC2GJQAE3WKE7G5A.temp was created. C:\Users\Iuli\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations was modified. C:\Users\Iuli\AppData\Local\Mozilla\Firefox\Profiles\7e1f4kuy.default\urlclassifier3.sqlite-journal was removed. C:\Users\Iuli\AppData\Local\Mozilla\Firefox\Profiles\7e1f4kuy.default\urlclassifier.pset was modified. C:\Users\Iuli\AppData\Local\Mozilla\Firefox\Profiles\7e1f4kuy.default was modified. C:\Users\Iuli\AppData\Local\Mozilla\Firefox\Profiles\7e1f4kuy.default\urlclassifier3.sqlite was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp\PRBC5E.tmp was created. C:\Windows\Temp\PRBC5E.tmp was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp\PRBC5E.tmp was removed. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp was modified. C:\Windows\Temp\PR9C4.tmp was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp\PR9C4.tmp was removed. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp was modified. C:\Windows\Temp\PR59E7.tmp was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp\PR59E7.tmp was removed. C:\Windows\Temp\PR17B5.tmp was removed. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\ntuser.dat.LOG1 was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Users\Iuli\ntuser.dat was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics\cmls_ms.tlv.tmp was created. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WX2F9QWX5YPG31SQ67AV.temp was created. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp was modified. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\622 was created. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs was modified. C:\Windows\rescache\rc0004\ResCache.hit was modified. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job was modified. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job was modified. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\623 was created. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs was modified. C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf was modified. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job was modified. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\623 was removed. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SOFTWARE.LOG1 was modified. C:\Windows\System32\config\software was modified. C:\Windows\System32\config\software was modified. C:\Windows\System32\config\software was modified. C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf was modified. C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp\PR8809.tmp was created. C:\Windows\Temp\PR8809.tmp was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics\cmls_ms.tlv.tmp was created. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Q632YG2HMH0GY6NUPWG5.temp was created. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\ProgramData\Kaspersky Lab\AVP12\Data\profiles.xml.tmp was created. C:\ProgramData\Kaspersky Lab\AVP12\Data was modified. C:\ProgramData\Kaspersky Lab\AVP12\Data\profiles.xml.tmp was modified. C:\ProgramData\Kaspersky Lab\AVP12\Data\profiles.xml.tmp was removed. C:\ProgramData\Kaspersky Lab\AVP12\Data was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics\cmls_ms.tlv.tmp was created. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics was modified. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\ProgramData\Kaspersky Lab\AVP12\Report\g_objdt.dat was modified. C:\ProgramData\Kaspersky Lab\AVP12\Report\05\00000003_objid.dat was modified. C:\ProgramData\Kaspersky Lab\AVP12\Report\05\00000003_objdt.dat was modified. C:\ProgramData\Kaspersky Lab\AVP12\Report\02\0000000F_objbt.dat was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\ProgramData\Kaspersky Lab\AVP12\Report\0C\00000001_objid.dat was modified. C:\Windows\System32\config\system was modified. C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\bsslogs was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\Temp\PRE066.tmp was created. C:\Windows\Temp\PRE066.tmp was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics\cmls_ms.tlv.tmp was created. C:\Users\Iuli\AppData\Local\AOL\UserProfiles\1319467748\iuli\metrics was modified. C:\Windows\System32\config\SYSTEM.LOG1 was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified. C:\Windows\System32\config\system was modified.