
Windows 7 ci.dll


  • This topic is locked
14 replies to this topic

#1 alexgoff

Posted 16 June 2011 - 12:23 AM

Hi, I believe my computer has become infected with malware after reading a similar post in which a user's computer running Windows 7 64bit would not boot because of a corrupted ci.dll. I have been trying to boot my computer for an hour and Startup Repair says the problem is a corrupted ci.dll. I've done the steps to get out of the Startup Repair loop and I don't know what else to do because re-installation and losing data is not an option for me except as a last resort.

If anybody could assist that would be wonderful! Thanks

Alex Goff


#2 Farbar

Posted 16 June 2011 - 05:24 AM

Hi Alex Goff,

Welcome to Bleeping Computer. I will be assisting you with the issue.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
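
The FRST.txt log produced by the last step lists each service and driver on one line in the form `<start> <name>; <image path> [<size> <date>] (<company>)`. As an added example (not part of Farbar's post and not FRST's own code), this Python script parses that format and flags entries worth a second look; the sample lines are constructed, and reading `[x]` as "no file details available" and the leading digit as the Windows service start type are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: the leading digit is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

SECTION_RE = re.compile(r"^=+ (?P<section>[A-Za-z ]+?) =+$")

# <start> <name>; <image path and arguments> [<size> <yyyy-mm-dd>] (<company>)
# or, when no file details are printed:  <start> <name>; <image path> [x]
ENTRY_RE = re.compile(
    r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<image>.*?) "
    r"\[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|x)\]"
    r"(?: \((?P<company>.*)\))?\s*$"
)

# Constructed sample in the FRST.txt layout; names and paths are made up.
SAMPLE_LOG = r"""
========================== Registry ==========================

HKLM\...\Run: [Example] "C:\Program Files\Example\example.exe" [1024 2011-01-01] (Example)

==================== Services ====================

2 ExampleAudio; C:\Windows\System32\exaudio.dll [679424 2010-11-20] (Microsoft Corporation)
3 ExampleHost; C:\Windows\System32\dllhost.exe /Processid:{00000000-0000-0000-0000-000000000000} [9728 2009-07-13] (Microsoft Corporation)
2 ExampleAV; "C:\Program Files\Example AV\engine.exe" [x]
2 ExampleRender; "C:\Program Files (x86)\Example\render.exe" [65536 2006-09-29] ()

==================== Drivers ====================

0 ExampleDisk; C:\Windows\System32\drivers\exdisk.sys [73280 2009-07-13] (Microsoft Corporation)
3 ExampleSensor; C:\Windows\System32\DRIVERS\exsensor.sys [8192 2005-03-28] ()
3 ExampleNet; \??\C:\PROGRA~2\COMMON~1\Example\EXNET.SYS [21248 2010-04-30] (Example Assoc., Inc. (EXAMPLE))
"""


@dataclass
class Entry:
    section: str             # "Services" or "Drivers"
    start: int               # 0..4, see START_TYPES
    name: str
    image: str               # image path plus any arguments, as logged
    size: Optional[int]      # None when the line ends in [x]
    date: Optional[str]
    company: Optional[str]   # "" when the log shows empty parentheses

    @property
    def has_file_details(self) -> bool:
        return self.size is not None


def parse_log(text: str) -> List[Entry]:
    """Return the service and driver entries found in an FRST.txt-style log."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section not in ("Services", "Drivers"):
            continue  # registry lines use a different layout
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = m.group("size")
        entries.append(Entry(section, int(m.group("start")), m.group("name"),
                             m.group("image"), int(size) if size else None,
                             m.group("date"), m.group("company")))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> review flags; entries with no flags are omitted."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        flags: List[str] = []
        if not e.has_file_details:
            flags.append("no-file-details")
            if e.start <= 2:  # boot, system or auto start
                flags.append("loads-at-startup")
        elif not e.company:
            flags.append("no-company-name")
        if flags:
            flagged[e.name] = flags
    return flagged


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, flags in triage(parsed).items():
        entry = next(e for e in parsed if e.name == name)
        print(f"{entry.section:8} {START_TYPES[entry.start]:8} {name}: {', '.join(flags)}")
```

A flag is a prompt to inspect the file, not a verdict: legitimate third-party binaries often ship without a company name in their version resource.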

#3 alexgoff

Posted 16 June 2011 - 12:49 PM

Hi farbar, thanks for helping. Here's my log, and as a side note, my copy of Windows 7 is x64 bit.


Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.0.8
Ran by SYSTEM at 2011-06-16 13:37:22
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKU\Alex\...\Run: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-16] (Google Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\DefaultAppPool\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254


==================== Services ====================

3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [65536 2010-11-20] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2010-11-20] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-02-18] (Apple Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [193536 2009-07-13] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
2 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-15] (Autodesk)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
4 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
3 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [349472 2011-04-06] (Apple Inc.)
3 Browser; C:\Windows\System32\browser.dll [136192 2010-11-20] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [177152 2010-11-20] (Microsoft Corporation)
4 CscService; C:\Windows\System32\cscsvc.dll [692224 2010-11-20] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
4 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
3 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
2 FontCache; C:\Windows\System32\FntCache.dll [1139200 2011-02-19] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2011-05-24] (Google Inc.)
3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-04] (Microsoft Corporation)
3 IKEEXT; C:\Windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
4 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2010-11-20] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [934176 2011-06-07] (Apple Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-04-30] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-04-30] (Alcatel-Lucent)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
2 mi-raysat_3dsmax9_32; "C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" [65536 2006-09-29] ()
2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [128000 2010-11-20] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator [116560 2009-06-10] (Microsoft Corporation)
2 NetPipeActivator; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
2 NetTcpActivator; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
3 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2010-11-20] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
3 PeerDistSvc; C:\Windows\System32\peerdistsvc.dll [1361920 2009-07-13] (Microsoft Corporation)
4 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
4 pla; C:\Windows\System32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2010-11-20] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [209920 2010-11-20] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
4 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
4 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
4 SessionEnv; C:\Windows\System32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [17920 2009-07-13] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
4 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
3 UmRdpService; C:\Windows\System32\umrdp.dll [214528 2010-11-20] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-04-16] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1504256 2010-11-20] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [258560 2010-11-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)
3 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
4 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 2010-11-20] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [593408 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2420736 2010-11-20] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [78848 2010-11-20] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]

==================== Drivers ====================

3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [499712 2010-11-20] (Microsoft Corporation)
3 agp440; C:\Windows\System32\drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
3 aliide; C:\Windows\System32\drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
3 amdide; C:\Windows\System32\drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2011-03-10] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
3 AppID; C:\Windows\System32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
3 CamDrL64; C:\Windows\System32\DRIVERS\CamDrL64.sys [955680 2007-02-03] (Logitech Inc.)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [459248 2010-11-20] (Microsoft Corporation)
3 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2010-11-20] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2010-11-20] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
3 ErrDev; C:\Windows\System32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-13] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
3 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [410496 2011-03-10] (Intel Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 intelide; C:\Windows\System32\drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95616 2010-11-20] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152960 2010-11-20] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [54272 2009-06-19] (Atheros Communications, Inc.)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
3 LVUSBS64; C:\Windows\System32\drivers\LVUSBS64.sys [58528 2007-02-03] (Logitech Inc.)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
3 mpio; C:\Windows\System32\drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [40832 2010-10-24] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [140800 2010-11-20] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-02-22] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [287744 2011-02-22] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-02-22] (Microsoft Corporation)
3 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659776 2011-03-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [12962792 2011-02-23] (NVIDIA Corporation)
3 nvraid; C:\Windows\System32\drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75136 2010-11-20] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2010-11-20] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation)
3 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [91568 2010-04-12] (PowerISO Computing, Inc.)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-02-22] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [411648 2011-02-22] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [167936 2011-02-22] (Microsoft Corporation)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-20] (Microsoft Corporation)
3 storvsc; C:\Windows\System32\drivers\storvsc.sys [34688 2010-11-20] (Microsoft Corporation)
3 swenum; C:\Windows\System32\drivers\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\drivers\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] (Microsoft Corporation)
3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109696 2010-11-20] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-24] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\drivers\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-24] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-24] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-13] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2011-03-24] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
3 viaide; C:\Windows\System32\drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
0 vmbus; C:\Windows\System32\drivers\vmbus.sys [199552 2010-11-20] (Microsoft Corporation)
3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] (Microsoft Corporation)
3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-13] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [68992 2009-04-08] (Microsoft Corporation)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================= NetSvcs ============================

============ One Month Created Files and folders =============

2011-06-16 00:50 - 2010-11-20 05:28 - 0780008 ____A (Microsoft Corporation) C:\ci.dll
2011-06-15 19:57 - 2011-06-15 19:57 - 4479961 ____A C:\Users\Alex\Downloads\tropico3_117_patch_d2d.zip
2011-06-15 19:57 - 2011-06-15 19:57 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Tropico 3
2011-06-15 19:55 - 2011-06-15 19:55 - 0000000 ____D C:\Program Files (x86)\Kalypso
2011-06-15 18:15 - 2011-06-15 18:17 - 0000000 ____D C:\Users\Alex\Desktop\Tropico 3
2011-06-15 16:02 - 2011-06-15 16:02 - 0750699 ____A C:\Users\Alex\Downloads\TROPICO.PARADISE.ISLAND.105.ENG.TUDDIES.NOCD.ZIP
2011-06-15 14:58 - 2011-06-15 15:02 - 179934202 ____A C:\Users\Alex\Downloads\FTXYMEN_BUILD_2001.zip
2011-06-15 14:33 - 2011-06-15 14:23 - 2449660 ____A C:\Users\Alex\Desktop\DSC01678.JPG
2011-06-15 14:33 - 2011-06-15 14:22 - 2389820 ____A C:\Users\Alex\Desktop\DSC01677.JPG
2011-06-15 11:57 - 2011-06-15 16:02 - 0000000 ____D C:\Program Files (x86)\Tropico
2011-06-15 10:07 - 2011-06-15 10:07 - 0000000 ____D C:\Users\Alex\Downloads\3dsmax9_sp2_32bit
2011-06-15 10:06 - 2011-06-15 10:06 - 17787965 ____A C:\Users\Alex\Downloads\3dsmax9_sp2_32bit.zip
2011-06-15 10:05 - 2011-06-15 10:05 - 2635353 ____A C:\Users\Alex\Downloads\3dsmax9_sp2_readme0.rtf
2011-06-15 09:38 - 2011-06-15 09:38 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-06-15 09:37 - 2011-06-15 14:47 - 0000000 __SHD C:\Config.Msi
2011-06-14 22:54 - 2011-06-14 22:54 - 0125482 ____A C:\Users\Alex\.recently-used.xbel
2011-06-13 15:44 - 2011-06-13 15:44 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Unity
2011-06-13 15:35 - 2011-06-13 15:35 - 0000000 ____D C:\Users\Alex\AppData\Local\Unity
2011-06-13 15:12 - 2011-06-13 15:23 - 474812155 ____A C:\Users\Alex\Downloads\FTXUS2WA1100_BUILD_1001.zip
2011-06-12 17:40 - 2011-06-12 17:40 - 6418619 ____A C:\Users\Alex\Desktop\SilvaireOpsHandbook.pdf
2011-06-12 17:23 - 2011-06-12 17:23 - 0961839 ____A C:\Users\Alex\Desktop\temp.xcf
2011-06-12 16:53 - 2011-06-12 16:53 - 0007031 ____A C:\Users\Alex\Desktop\VoxelSphere33.png
2011-06-12 09:31 - 2011-06-12 17:22 - 1501613 ____A C:\Users\Alex\Desktop\trailerside.xcf
2011-06-11 20:27 - 2011-06-11 20:32 - 213388044 ____A C:\Users\Alex\Downloads\FTXYPMQ_BETA_BUILD_1002.zip
2011-06-11 16:34 - 2011-06-11 16:34 - 0117479 ____A C:\Users\Alex\Desktop\Untitled-2.png
2011-06-11 15:53 - 2011-06-11 15:55 - 37790874 ____A C:\Users\Alex\Downloads\VICTA_AIRTOURER_BETA_3004_FULL.rar
2011-06-11 10:13 - 2011-06-11 10:14 - 35363589 ____A C:\Users\Alex\Downloads\VICTA_AIRTOURER_BETA_3002.rar
2011-06-11 08:34 - 2011-06-11 08:34 - 5633536 ____A C:\Users\Alex\Documents\stealhcoin
2011-06-11 08:33 - 2011-06-11 08:35 - 0000000 ____D C:\Users\Alex\Desktop\bitcoin2cash-Stealthcoin-1a7f554
2011-06-11 08:26 - 2011-06-11 08:26 - 11580662 ____A C:\Users\Alex\Downloads\VICTA_AIRTOURER_BETA_3003B_UPDATE.rar
2011-06-10 19:02 - 2011-06-10 19:02 - 14391226 ____A C:\Users\Alex\Downloads\USAir Hudson.7z
2011-06-10 19:02 - 2011-06-10 19:02 - 0000000 ____D C:\Users\Alex\Desktop\USAir Hudson
2011-06-10 17:35 - 2011-06-12 19:41 - 0000000 ____D C:\Program Files (x86)\Cain
2011-06-10 17:35 - 2011-06-10 17:35 - 0000000 ____D C:\Program Files (x86)\WinPcap
2011-06-10 17:32 - 2011-06-10 17:32 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-06-10 17:32 - 2011-06-10 17:32 - 0000000 ____D C:\Program Files\iTunes
2011-06-10 17:32 - 2011-06-10 17:32 - 0000000 ____D C:\Program Files\iPod
2011-06-10 17:32 - 2011-06-10 17:32 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-06-10 17:29 - 2011-06-10 17:31 - 7967675 ____A C:\Users\Alex\Downloads\ca_setup.exe
2011-06-04 05:31 - 2011-06-04 05:31 - 3003068 ____A C:\Users\Alex\Downloads\Beach Boys - California Dreaming.mp3
2011-06-04 05:31 - 2011-06-04 05:31 - 2488143 ____A C:\Users\Alex\Downloads\The Monkees - Im a Believer [official music video].mp3
2011-06-03 18:02 - 2011-06-03 18:02 - 0000000 ____D C:\Users\Alex\Documents\3dsmax
2011-06-03 17:59 - 2011-06-03 18:03 - 0000000 ___RD C:\Users\Alex\Documents\Adlm
2011-06-03 17:59 - 2011-06-03 17:59 - 0000000 ____D C:\Users\Alex\AppData\Local\Autodesk
2011-06-03 17:56 - 2011-06-03 17:59 - 0000000 ____D C:\Users\All Users\Autodesk
2011-06-03 17:56 - 2011-06-03 17:59 - 0000000 ____D C:\ProgramData\Autodesk
2011-06-03 17:56 - 2011-06-03 17:57 - 0000000 ____D C:\Program Files (x86)\Autodesk
2011-06-03 17:55 - 2011-06-03 17:55 - 0000000 ____D C:\3dsmax9Trial
2011-06-03 17:28 - 2011-06-03 17:47 - 202266657 ____A C:\Users\Alex\Desktop\3dsmax9Tutorials.exe
2011-06-03 08:28 - 2011-06-03 08:28 - 0000000 ____D C:\Program Files\CPUID
2011-06-03 08:28 - 2010-11-09 11:35 - 0021992 ____A (CPUID) C:\Windows\System32\Drivers\cpuz135_x64.sys
2011-06-03 08:27 - 2011-06-03 08:27 - 3765880 ____A ( ) C:\Users\Alex\Downloads\cpu-z_1.57.1-setup-en.exe
2011-06-03 08:27 - 2011-06-03 08:27 - 0967765 ____A C:\Users\Alex\Downloads\cpu-z_1.57-64bits-en.zip
2011-06-02 10:39 - 2011-06-02 10:39 - 2560224 ____A C:\Users\Alex\Downloads\Campus Visit.JPG
2011-05-31 19:46 - 2011-05-31 19:46 - 0279975 ____A C:\Users\Alex\Desktop\oodnadattamap.jpg
2011-05-31 10:32 - 2011-05-31 10:32 - 0023330 ____A C:\Users\Alex\Downloads\AFUDOS226.zip
2011-05-31 10:00 - 2011-06-11 08:35 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Bitcoin
2011-05-30 18:02 - 2011-05-30 18:03 - 4521014 ____A C:\Users\Alex\Downloads\FileZilla_3.5.0_win32-setup.exe
2011-05-29 21:10 - 2011-05-29 21:11 - 1007108 ____A C:\Users\Alex\Downloads\rkill.exe
2011-05-28 16:33 - 2011-05-28 16:45 - 316095346 ____A C:\Users\Alex\Downloads\orthoimage_WA_CC2007_W52_Goheen.rar
2011-05-28 16:33 - 2011-05-28 16:41 - 143934734 ____A C:\Users\Alex\Downloads\orthoimage_OR_NAIP_05S_Vernonia.rar
2011-05-27 19:43 - 2011-05-27 19:43 - 0000000 ____D C:\Users\Alex\AppData\Local\World_of_AI
2011-05-27 16:59 - 2011-05-27 16:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-05-27 13:05 - 2011-05-27 13:32 - 397235793 ____A C:\Users\Alex\Downloads\OrbxIVP100.zip
2011-05-27 13:05 - 2011-05-27 13:18 - 65342421 ____A C:\Users\Alex\Downloads\OrbxIVP120_PATCH.zip
2011-05-26 19:22 - 2011-05-26 19:22 - 0010935 ____A C:\Users\Alex\Downloads\photo-3284.jpg
2011-05-26 13:35 - 2011-05-27 14:02 - 19238211 ____A C:\Users\Alex\trailer.xcf
2011-05-25 18:27 - 2011-05-25 18:27 - 0157784 ____A C:\Users\Alex\Downloads\Pokemon Theme.rar
2011-05-24 22:13 - 2011-04-22 14:15 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-05-24 16:58 - 2011-05-24 16:58 - 0001007 ____A C:\Users\Public\Desktop\PowerISO.lnk
2011-05-24 16:58 - 2011-05-24 16:58 - 0000000 ____D C:\Program Files (x86)\PowerISO
2011-05-24 16:58 - 2010-04-12 00:55 - 0091568 ____A (PowerISO Computing, Inc.) C:\Windows\System32\Drivers\scdemu.sys
2011-05-24 14:28 - 2011-06-15 19:33 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-05-24 14:28 - 2011-06-15 14:47 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-05-24 03:40 - 2011-05-24 03:40 - 0002613 ____A C:\Users\Alex\Desktop\vernonia .kmz.zip
2011-05-21 13:37 - 2011-05-25 13:22 - 0000000 ____D C:\Users\Alex\AppData\Local\My Games
2011-05-21 13:19 - 2011-05-21 13:19 - 0000000 ____D C:\Program Files (x86)\2K Games
2011-05-21 13:15 - 2011-05-21 13:15 - 0000000 ____D C:\Users\Alex\AppData\Roaming\InstallShield
2011-05-20 17:19 - 2011-05-20 17:19 - 0000000 ____D C:\Users\Alex\AppData\Local\SceneryDesign.org
2011-05-20 17:02 - 2011-05-20 17:02 - 0001688 ____A C:\Users\Alex\Desktop\DXTBmp.lnk
2011-05-20 17:02 - 2011-05-20 17:02 - 0000000 ____D C:\Graphics
2011-05-19 17:09 - 2011-05-29 21:12 - 0000312 ____A C:\rkill.log
2011-05-19 16:00 - 2011-05-19 19:43 - 0000000 ____D C:\Users\Alex\AppData\Local\WMTools Downloaded Files
2011-05-19 15:56 - 2011-05-19 16:59 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2011-05-19 15:56 - 2011-05-19 15:56 - 0001158 ____A C:\Users\Alex\Desktop\Audacity 1.3 Beta (Unicode).lnk
2011-05-19 15:56 - 2011-05-19 15:56 - 0000000 ____D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-05-19 15:52 - 2011-05-19 19:21 - 0017408 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-19 15:50 - 2011-05-19 15:50 - 0000000 ____D C:\Program Files (x86)\Movie Maker 2.6
2011-05-19 15:44 - 2011-05-19 15:47 - 0000000 ____D C:\Program Files (x86)\DebugMode
2011-05-19 15:44 - 2011-05-19 15:44 - 0000000 ____D C:\Program Files (x86)\Sonic Foundry
2011-05-19 15:44 - 2011-05-19 15:44 - 0000000 ____D C:\Program Files (x86)\Pure Motion
2011-05-19 15:32 - 2011-05-19 15:32 - 0000000 ____D C:\Users\Alex\AppData\Local\{BAD8395B-6713-40D8-BB80-27F2CCE25D4D}
2011-05-19 15:31 - 2011-05-19 15:31 - 0000000 ____D C:\Windows\en
2011-05-19 15:28 - 2011-05-19 15:28 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-19 15:25 - 2011-05-19 15:27 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-05-19 15:24 - 2011-05-19 15:31 - 0000000 ____D C:\Users\Alex\AppData\Local\Windows Live
2011-05-19 14:04 - 2011-05-19 14:04 - 0000000 ____D C:\Windows\System32\appmgmt
2011-05-19 14:03 - 2011-05-19 14:09 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\Alex\AppData\Local\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\Alex\AppData\Local\Apple
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\ProgramData\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-05-19 14:03 - 2009-05-18 09:17 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2011-05-19 14:03 - 2008-04-17 08:12 - 0126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2011-05-19 14:03 - 2008-04-17 08:12 - 0107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Users\All Users\Apple
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\ProgramData\Apple
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Program Files\Bonjour
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-05-18 17:17 - 2011-05-18 17:17 - 0000000 ____D C:\Autodesk
2011-05-18 13:53 - 2011-05-31 20:22 - 0000000 ____D C:\Program Files (x86)\FSrealWX
2011-05-18 13:38 - 2009-03-10 19:25 - 0191488 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfx.dll
2011-05-18 13:38 - 2008-10-20 09:44 - 0237056 ____N (MW Publishing) C:\Windows\SysWOW64\mwgfx24.dll
2011-05-18 13:38 - 2008-09-05 04:32 - 0104960 ____N (MW Graphics) C:\Windows\SysWOW64\mwdds.dll
2011-05-18 13:38 - 2008-08-10 06:39 - 0053248 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfxvb.dll
2011-05-18 13:38 - 2007-08-19 05:37 - 0028672 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfxcopy.exe
2011-05-18 13:38 - 2006-03-14 07:48 - 0256512 ____N (MW Graphics) C:\Windows\SysWOW64\mwdlg.dll
2011-05-18 13:38 - 2004-05-14 07:13 - 0056832 ____N (MW Graphics) C:\Windows\SysWOW64\mwace.dll
2011-05-18 13:38 - 2004-05-14 05:13 - 0027136 ____N (MW Graphics) C:\Windows\SysWOW64\mwacevb.dll
2011-05-18 13:38 - 2004-03-16 12:47 - 0049152 ____N (MW Graphics) C:\Windows\SysWOW64\mwddsvb.dll
2011-05-16 16:29 - 2011-05-25 15:17 - 0000000 ____D C:\Users\Alex\AppData\Roaming\.minecraft
2011-05-16 13:44 - 2011-05-16 13:44 - 0000000 ____D C:\Program Files\Microsoft Research


============ 3 Months Modified Files and folders =============

2011-06-16 13:37 - 2011-06-16 13:37 - 0000000 ____D C:\FRST
2011-06-16 00:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-06-15 19:58 - 2011-04-16 11:43 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4129066522-3224154458-749277632-1001UA.job
2011-06-15 19:57 - 2011-06-15 19:57 - 4479961 ____A C:\Users\Alex\Downloads\tropico3_117_patch_d2d.zip
2011-06-15 19:57 - 2011-06-15 19:57 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Tropico 3
2011-06-15 19:55 - 2011-06-15 19:55 - 0000000 ____D C:\Program Files (x86)\Kalypso
2011-06-15 19:55 - 2011-04-16 12:47 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2011-06-15 19:55 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-06-15 19:33 - 2011-05-24 14:28 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-06-15 18:17 - 2011-06-15 18:15 - 0000000 ____D C:\Users\Alex\Desktop\Tropico 3
2011-06-15 17:58 - 2011-04-16 11:43 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4129066522-3224154458-749277632-1001Core.job
2011-06-15 16:02 - 2011-06-15 16:02 - 0750699 ____A C:\Users\Alex\Downloads\TROPICO.PARADISE.ISLAND.105.ENG.TUDDIES.NOCD.ZIP
2011-06-15 16:02 - 2011-06-15 11:57 - 0000000 ____D C:\Program Files (x86)\Tropico
2011-06-15 15:02 - 2011-06-15 14:58 - 179934202 ____A C:\Users\Alex\Downloads\FTXYMEN_BUILD_2001.zip
2011-06-15 14:55 - 2009-07-13 20:45 - 0013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-06-15 14:55 - 2009-07-13 20:45 - 0013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-06-15 14:52 - 2009-07-13 21:13 - 0852892 ____A C:\Windows\System32\PerfStringBackup.INI
2011-06-15 14:52 - 2009-07-13 18:36 - 0713372 ____A C:\Windows\System32\perfh009.dat
2011-06-15 14:52 - 2009-07-13 18:36 - 0138416 ____A C:\Windows\System32\perfc009.dat
2011-06-15 14:47 - 2011-06-15 09:37 - 0000000 __SHD C:\Config.Msi
2011-06-15 14:47 - 2011-05-24 14:28 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-06-15 14:47 - 2011-04-16 14:39 - 0006944 ____A C:\Windows\PFRO.log
2011-06-15 14:47 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-06-15 14:47 - 2009-07-13 20:51 - 0026100 ____A C:\Windows\setupact.log
2011-06-15 14:46 - 2011-04-16 18:24 - 0000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent
2011-06-15 14:40 - 2011-04-16 11:40 - 1778620 ____A C:\Windows\WindowsUpdate.log
2011-06-15 14:23 - 2011-06-15 14:33 - 2449660 ____A C:\Users\Alex\Desktop\DSC01678.JPG
2011-06-15 14:22 - 2011-06-15 14:33 - 2389820 ____A C:\Users\Alex\Desktop\DSC01677.JPG
2011-06-15 12:05 - 2011-04-16 12:48 - 0000000 ____D C:\Users\Alex\AppData\Roaming\skypePM
2011-06-15 11:59 - 2011-04-16 14:22 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-06-15 10:07 - 2011-06-15 10:07 - 0000000 ____D C:\Users\Alex\Downloads\3dsmax9_sp2_32bit
2011-06-15 10:06 - 2011-06-15 10:06 - 17787965 ____A C:\Users\Alex\Downloads\3dsmax9_sp2_32bit.zip
2011-06-15 10:05 - 2011-06-15 10:05 - 2635353 ____A C:\Users\Alex\Downloads\3dsmax9_sp2_readme0.rtf
2011-06-15 09:38 - 2011-06-15 09:38 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-06-15 09:38 - 2011-04-17 06:57 - 0000000 ____D C:\Users\All Users\Adobe
2011-06-15 09:38 - 2011-04-17 06:57 - 0000000 ____D C:\ProgramData\Adobe
2011-06-15 09:38 - 2011-04-17 06:57 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-06-15 00:19 - 2011-04-16 12:05 - 2855006 ___AH C:\Users\Alex\AppData\Local\IconCache.db
2011-06-14 23:58 - 2011-04-16 11:49 - 0002391 ____A C:\Users\Alex\Desktop\Google Chrome.lnk
2011-06-14 22:55 - 2011-04-16 15:26 - 0000000 ____D C:\Users\Alex\.gimp-2.6
2011-06-14 22:54 - 2011-06-14 22:54 - 0125482 ____A C:\Users\Alex\.recently-used.xbel
2011-06-14 22:54 - 2011-04-16 15:27 - 0000000 ____D C:\Users\Alex\AppData\Roaming\gtk-2.0
2011-06-14 22:54 - 2011-04-16 11:41 - 0000000 ____D C:\users\Alex
2011-06-14 10:51 - 2011-04-16 12:48 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-06-14 10:51 - 2011-04-16 12:48 - 0000000 ____D C:\ProgramData\Skype Extras
2011-06-13 15:44 - 2011-06-13 15:44 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Unity
2011-06-13 15:35 - 2011-06-13 15:35 - 0000000 ____D C:\Users\Alex\AppData\Local\Unity
2011-06-13 15:35 - 2011-04-16 11:41 - 0000000 ____D C:\Users\Alex\AppData\LocalLow
2011-06-13 15:23 - 2011-06-13 15:12 - 474812155 ____A C:\Users\Alex\Downloads\FTXUS2WA1100_BUILD_1001.zip
2011-06-12 19:41 - 2011-06-10 17:35 - 0000000 ____D C:\Program Files (x86)\Cain
2011-06-12 17:40 - 2011-06-12 17:40 - 6418619 ____A C:\Users\Alex\Desktop\SilvaireOpsHandbook.pdf
2011-06-12 17:23 - 2011-06-12 17:23 - 0961839 ____A C:\Users\Alex\Desktop\temp.xcf
2011-06-12 17:22 - 2011-06-12 09:31 - 1501613 ____A C:\Users\Alex\Desktop\trailerside.xcf
2011-06-12 16:53 - 2011-06-12 16:53 - 0007031 ____A C:\Users\Alex\Desktop\VoxelSphere33.png
2011-06-11 20:51 - 2011-04-16 14:27 - 0000000 ____D C:\Users\Alex\Documents\Flight Simulator X Files
2011-06-11 20:32 - 2011-06-11 20:27 - 213388044 ____A C:\Users\Alex\Downloads\FTXYPMQ_BETA_BUILD_1002.zip
2011-06-11 16:34 - 2011-06-11 16:34 - 0117479 ____A C:\Users\Alex\Desktop\Untitled-2.png
2011-06-11 15:55 - 2011-06-11 15:53 - 37790874 ____A C:\Users\Alex\Downloads\VICTA_AIRTOURER_BETA_3004_FULL.rar
2011-06-11 10:14 - 2011-06-11 10:13 - 35363589 ____A C:\Users\Alex\Downloads\VICTA_AIRTOURER_BETA_3002.rar
2011-06-11 08:35 - 2011-06-11 08:33 - 0000000 ____D C:\Users\Alex\Desktop\bitcoin2cash-Stealthcoin-1a7f554
2011-06-11 08:35 - 2011-05-31 10:00 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Bitcoin
2011-06-11 08:34 - 2011-06-11 08:34 - 5633536 ____A C:\Users\Alex\Documents\stealhcoin
2011-06-11 08:33 - 2011-04-16 13:39 - 0000000 ____D C:\Users\Alex\Desktop\Computer
2011-06-11 08:26 - 2011-06-11 08:26 - 11580662 ____A C:\Users\Alex\Downloads\VICTA_AIRTOURER_BETA_3003B_UPDATE.rar
2011-06-10 19:02 - 2011-06-10 19:02 - 14391226 ____A C:\Users\Alex\Downloads\USAir Hudson.7z
2011-06-10 19:02 - 2011-06-10 19:02 - 0000000 ____D C:\Users\Alex\Desktop\USAir Hudson
2011-06-10 17:35 - 2011-06-10 17:35 - 0000000 ____D C:\Program Files (x86)\WinPcap
2011-06-10 17:32 - 2011-06-10 17:32 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-06-10 17:32 - 2011-06-10 17:32 - 0000000 ____D C:\Program Files\iTunes
2011-06-10 17:32 - 2011-06-10 17:32 - 0000000 ____D C:\Program Files\iPod
2011-06-10 17:32 - 2011-06-10 17:32 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-06-10 17:31 - 2011-06-10 17:29 - 7967675 ____A C:\Users\Alex\Downloads\ca_setup.exe
2011-06-10 17:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-06-04 05:31 - 2011-06-04 05:31 - 3003068 ____A C:\Users\Alex\Downloads\Beach Boys - California Dreaming.mp3
2011-06-04 05:31 - 2011-06-04 05:31 - 2488143 ____A C:\Users\Alex\Downloads\The Monkees - Im a Believer [official music video].mp3
2011-06-03 20:11 - 2011-04-17 06:50 - 0000000 ____D C:\gmax
2011-06-03 18:06 - 2011-04-17 06:30 - 0000000 ____D C:\Users\Alex\Desktop\Development
2011-06-03 18:03 - 2011-06-03 17:59 - 0000000 ___RD C:\Users\Alex\Documents\Adlm
2011-06-03 18:02 - 2011-06-03 18:02 - 0000000 ____D C:\Users\Alex\Documents\3dsmax
2011-06-03 17:59 - 2011-06-03 17:59 - 0000000 ____D C:\Users\Alex\AppData\Local\Autodesk
2011-06-03 17:59 - 2011-06-03 17:56 - 0000000 ____D C:\Users\All Users\Autodesk
2011-06-03 17:59 - 2011-06-03 17:56 - 0000000 ____D C:\ProgramData\Autodesk
2011-06-03 17:57 - 2011-06-03 17:56 - 0000000 ____D C:\Program Files (x86)\Autodesk
2011-06-03 17:55 - 2011-06-03 17:55 - 0000000 ____D C:\3dsmax9Trial
2011-06-03 17:47 - 2011-06-03 17:28 - 202266657 ____A C:\Users\Alex\Desktop\3dsmax9Tutorials.exe
2011-06-03 08:28 - 2011-06-03 08:28 - 0000000 ____D C:\Program Files\CPUID
2011-06-03 08:27 - 2011-06-03 08:27 - 3765880 ____A ( ) C:\Users\Alex\Downloads\cpu-z_1.57.1-setup-en.exe
2011-06-03 08:27 - 2011-06-03 08:27 - 0967765 ____A C:\Users\Alex\Downloads\cpu-z_1.57-64bits-en.zip
2011-06-02 10:39 - 2011-06-02 10:39 - 2560224 ____A C:\Users\Alex\Downloads\Campus Visit.JPG
2011-06-02 08:52 - 2011-04-22 14:06 - 0000000 ____D C:\Users\Alex\AppData\Roaming\FileZilla
2011-06-01 03:25 - 2011-04-16 13:39 - 0000000 ____D C:\Users\Alex\Desktop\Flight Simulator
2011-05-31 20:22 - 2011-05-18 13:53 - 0000000 ____D C:\Program Files (x86)\FSrealWX
2011-05-31 19:46 - 2011-05-31 19:46 - 0279975 ____A C:\Users\Alex\Desktop\oodnadattamap.jpg
2011-05-31 10:32 - 2011-05-31 10:32 - 0023330 ____A C:\Users\Alex\Downloads\AFUDOS226.zip
2011-05-30 18:04 - 2011-04-22 14:06 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2011-05-30 18:03 - 2011-05-30 18:02 - 4521014 ____A C:\Users\Alex\Downloads\FileZilla_3.5.0_win32-setup.exe
2011-05-29 21:12 - 2011-05-19 17:09 - 0000312 ____A C:\rkill.log
2011-05-29 21:11 - 2011-05-29 21:10 - 1007108 ____A C:\Users\Alex\Downloads\rkill.exe
2011-05-28 16:45 - 2011-05-28 16:33 - 316095346 ____A C:\Users\Alex\Downloads\orthoimage_WA_CC2007_W52_Goheen.rar
2011-05-28 16:42 - 2011-05-01 18:46 - 0001853 ____A C:\Users\Public\Desktop\3DMark 11.lnk
2011-05-28 16:42 - 2011-04-29 12:46 - 0001027 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2011-05-28 16:41 - 2011-05-28 16:33 - 143934734 ____A C:\Users\Alex\Downloads\orthoimage_OR_NAIP_05S_Vernonia.rar
2011-05-27 19:47 - 2011-04-16 14:04 - 0000000 ____D C:\Flight Simulator X
2011-05-27 19:43 - 2011-05-27 19:43 - 0000000 ____D C:\Users\Alex\AppData\Local\World_of_AI
2011-05-27 16:59 - 2011-05-27 16:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-05-27 14:02 - 2011-05-26 13:35 - 19238211 ____A C:\Users\Alex\trailer.xcf
2011-05-27 13:32 - 2011-05-27 13:05 - 397235793 ____A C:\Users\Alex\Downloads\OrbxIVP100.zip
2011-05-27 13:18 - 2011-05-27 13:05 - 65342421 ____A C:\Users\Alex\Downloads\OrbxIVP120_PATCH.zip
2011-05-26 19:22 - 2011-05-26 19:22 - 0010935 ____A C:\Users\Alex\Downloads\photo-3284.jpg
2011-05-26 15:18 - 2011-05-07 15:12 - 0000486 ____A C:\Windows\demdata.txt
2011-05-25 18:27 - 2011-05-25 18:27 - 0157784 ____A C:\Users\Alex\Downloads\Pokemon Theme.rar
2011-05-25 15:17 - 2011-05-16 16:29 - 0000000 ____D C:\Users\Alex\AppData\Roaming\.minecraft
2011-05-25 13:22 - 2011-05-21 13:37 - 0000000 ____D C:\Users\Alex\AppData\Local\My Games
2011-05-25 13:22 - 2011-04-16 21:29 - 0000000 ____D C:\Users\Alex\Documents\My Games
2011-05-24 17:36 - 2011-04-16 13:50 - 0502002 ____A C:\Windows\DirectX.log
2011-05-24 16:58 - 2011-05-24 16:58 - 0001007 ____A C:\Users\Public\Desktop\PowerISO.lnk
2011-05-24 16:58 - 2011-05-24 16:58 - 0000000 ____D C:\Program Files (x86)\PowerISO
2011-05-24 14:28 - 2011-04-17 17:38 - 0000000 ____D C:\Program Files (x86)\Google
2011-05-24 03:40 - 2011-05-24 03:40 - 0002613 ____A C:\Users\Alex\Desktop\vernonia .kmz.zip
2011-05-21 13:19 - 2011-05-21 13:19 - 0000000 ____D C:\Program Files (x86)\2K Games
2011-05-21 13:15 - 2011-05-21 13:15 - 0000000 ____D C:\Users\Alex\AppData\Roaming\InstallShield
2011-05-20 18:24 - 2011-05-04 13:26 - 0000000 ____D C:\Users\Alex\Desktop\Minecraft
2011-05-20 17:19 - 2011-05-20 17:19 - 0000000 ____D C:\Users\Alex\AppData\Local\SceneryDesign.org
2011-05-20 17:02 - 2011-05-20 17:02 - 0001688 ____A C:\Users\Alex\Desktop\DXTBmp.lnk
2011-05-20 17:02 - 2011-05-20 17:02 - 0000000 ____D C:\Graphics
2011-05-19 20:24 - 2011-04-16 15:21 - 0000000 ____D C:\Users\Alex\Documents\School
2011-05-19 19:43 - 2011-05-19 16:00 - 0000000 ____D C:\Users\Alex\AppData\Local\WMTools Downloaded Files
2011-05-19 19:21 - 2011-05-19 15:52 - 0017408 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-19 16:59 - 2011-05-19 15:56 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2011-05-19 15:56 - 2011-05-19 15:56 - 0001158 ____A C:\Users\Alex\Desktop\Audacity 1.3 Beta (Unicode).lnk
2011-05-19 15:56 - 2011-05-19 15:56 - 0000000 ____D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-05-19 15:50 - 2011-05-19 15:50 - 0000000 ____D C:\Program Files (x86)\Movie Maker 2.6
2011-05-19 15:47 - 2011-05-19 15:44 - 0000000 ____D C:\Program Files (x86)\DebugMode
2011-05-19 15:44 - 2011-05-19 15:44 - 0000000 ____D C:\Program Files (x86)\Sonic Foundry
2011-05-19 15:44 - 2011-05-19 15:44 - 0000000 ____D C:\Program Files (x86)\Pure Motion
2011-05-19 15:32 - 2011-05-19 15:32 - 0000000 ____D C:\Users\Alex\AppData\Local\{BAD8395B-6713-40D8-BB80-27F2CCE25D4D}
2011-05-19 15:31 - 2011-05-19 15:31 - 0000000 ____D C:\Windows\en
2011-05-19 15:31 - 2011-05-19 15:24 - 0000000 ____D C:\Users\Alex\AppData\Local\Windows Live
2011-05-19 15:28 - 2011-05-19 15:28 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-19 15:27 - 2011-05-19 15:25 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-05-19 15:25 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-05-19 14:09 - 2011-05-19 14:03 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer
2011-05-19 14:04 - 2011-05-19 14:04 - 0000000 ____D C:\Windows\System32\appmgmt
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\Alex\AppData\Local\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Users\Alex\AppData\Local\Apple
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\ProgramData\Apple Computer
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-05-19 14:03 - 2011-05-19 14:03 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Users\All Users\Apple
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\ProgramData\Apple
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Program Files\Bonjour
2011-05-19 14:02 - 2011-05-19 14:02 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-05-18 17:17 - 2011-05-18 17:17 - 0000000 ____D C:\Autodesk
2011-05-16 15:41 - 2011-04-19 17:16 - 0000000 ____D C:\Program Files (x86)\Instant Scenery 2
2011-05-16 13:44 - 2011-05-16 13:44 - 0000000 ____D C:\Program Files\Microsoft Research
2011-05-15 13:19 - 2011-05-15 13:13 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Nero
2011-05-15 13:13 - 2011-05-15 13:12 - 0000000 ____D C:\Users\All Users\Nero
2011-05-15 13:13 - 2011-05-15 13:12 - 0000000 ____D C:\ProgramData\Nero
2011-05-13 19:24 - 2011-05-05 16:35 - 0000000 ____D C:\Program Files\Core Temp
2011-05-12 18:21 - 2011-05-12 18:21 - 0825362 ____A C:\Users\Alex\Downloads\Tutorial.zip
2011-05-12 18:12 - 2011-04-23 20:58 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2011-05-10 19:05 - 2011-04-16 12:57 - 44548040 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-05-10 19:04 - 2011-04-16 14:00 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-05-10 19:04 - 2011-04-16 14:00 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-05-10 17:52 - 2011-05-10 14:03 - 2291563138 ____A C:\Users\Alex\Downloads\OZx_AUS_v3.0.zip
2011-05-10 14:27 - 2011-05-10 14:03 - 333518553 ____A C:\Users\Alex\Downloads\OZx_AUS_v3.1.zip
2011-05-10 14:26 - 2011-05-10 14:03 - 274168123 ____A C:\Users\Alex\Downloads\OZx3.2_installs.zip
2011-05-10 14:24 - 2011-05-10 14:03 - 233522292 ____A C:\Users\Alex\Downloads\OZx_AUS_v3.3.zip
2011-05-08 18:38 - 2011-05-08 18:38 - 0000090 ___SH C:\Windows\cnerolf.bin
2011-05-08 18:15 - 2011-05-08 18:15 - 0000000 ____D C:\Program Files (x86)\CR1-Software
2011-05-08 05:38 - 2009-07-13 20:45 - 0363120 ____A C:\Windows\System32\FNTCACHE.DAT
2011-05-07 16:22 - 2011-05-07 16:21 - 0000000 ____D C:\Program Files (x86)\Finale SongWriter 2010
2011-05-07 15:10 - 2011-05-07 15:10 - 0000000 ____D C:\Users\Alex\Documents\Finale Files
2011-05-07 15:10 - 2011-05-07 15:10 - 0000000 ____D C:\Users\Alex\AppData\Roaming\MakeMusic
2011-05-07 15:06 - 2011-05-07 14:49 - 0000000 ____D C:\Users\All Users\Musicnotes
2011-05-07 15:06 - 2011-05-07 14:49 - 0000000 ____D C:\ProgramData\Musicnotes
2011-05-07 15:06 - 2011-04-16 11:43 - 0094712 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2011-05-07 15:04 - 2011-05-07 15:03 - 0000000 ____D C:\Program Files (x86)\Finale NotePad 2011
2011-05-07 15:03 - 2011-05-07 15:03 - 0000000 ____D C:\Users\All Users\MakeMusic
2011-05-07 15:03 - 2011-05-07 15:03 - 0000000 ____D C:\PSFONTS
2011-05-07 15:03 - 2011-05-07 15:03 - 0000000 ____D C:\ProgramData\MakeMusic
2011-05-07 14:49 - 2011-05-07 14:48 - 0000000 ____D C:\Program Files (x86)\Musicnotes
2011-05-07 14:48 - 2011-05-07 14:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-05-07 14:48 - 2011-05-07 14:48 - 0000000 ____D C:\Users\Alex\Documents\Musicnotes
2011-05-07 14:48 - 2011-05-07 14:48 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
2011-05-07 14:48 - 2011-05-07 14:48 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-05-07 14:48 - 2011-05-07 14:48 - 0000000 ____D C:\Program Files\Musicnotes
2011-05-07 14:48 - 2011-05-07 14:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-07 12:42 - 2011-05-07 12:42 - 0000000 ____D C:\Users\All Users\Motive
2011-05-07 12:42 - 2011-05-07 12:42 - 0000000 ____D C:\ProgramData\Motive
2011-05-07 12:42 - 2011-05-07 12:42 - 0000000 ____D C:\Program Files\Common Files\Motive
2011-05-07 12:42 - 2011-05-07 12:42 - 0000000 ____D C:\Program Files\ATT-HSI
2011-05-07 12:42 - 2011-05-07 12:42 - 0000000 ____D C:\Program Files (x86)\ATT-HSI
2011-05-07 12:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-05-05 18:46 - 2011-04-17 19:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-05-05 16:31 - 2011-05-05 16:31 - 0001883 ____A C:\Windows\IE9_main.log
2011-05-05 16:27 - 2011-04-16 19:04 - 0007541 ____A C:\Windows\System32\lvcoinst.log
2011-05-04 13:24 - 2011-05-04 13:01 - 333162247 ____A C:\Users\Alex\Downloads\2011-05-01 Goheen W52.rar
2011-05-03 15:50 - 2011-05-03 15:50 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2011-05-03 15:50 - 2011-05-03 15:50 - 0000000 __RHD C:\Users\Alex\AppData\Roaming\SecuROM
2011-05-03 14:12 - 2011-05-03 14:12 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-05-03 14:12 - 2011-05-03 14:12 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-05-03 14:12 - 2011-05-03 14:12 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-05-03 14:12 - 2011-05-03 14:12 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-05-03 14:12 - 2011-05-03 14:12 - 0000000 ____D C:\Windows\Sun
2011-05-03 14:12 - 2011-05-03 14:12 - 0000000 ____D C:\Users\All Users\Sun
2011-05-03 14:12 - 2011-05-03 14:12 - 0000000 ____D C:\ProgramData\Sun
2011-05-03 14:12 - 2011-05-03 14:12 - 0000000 ____D C:\Program Files (x86)\Java
2011-05-01 19:01 - 2011-05-01 19:00 - 0000000 ____D C:\Users\Alex\Documents\3DMark 11
2011-05-01 18:59 - 2011-05-01 18:59 - 0000000 ____D C:\Users\Alex\AppData\Local\Futuremark_Corporation
2011-05-01 18:46 - 2011-05-01 18:46 - 0000000 ____D C:\Program Files\Futuremark
2011-04-29 19:01 - 2011-04-29 18:57 - 0000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2011-04-29 13:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-04-29 12:46 - 2011-04-29 12:46 - 0000000 ____D C:\Program Files\TeamSpeak 3 Client
2011-04-28 16:40 - 2011-04-28 16:40 - 0000000 ____D C:\Users\Alex\AppData\Local\Microsoft Corp
2011-04-28 16:38 - 2011-04-28 16:38 - 0000000 ____D C:\Users\Alex\AppData\Local\Microsoft_Corp
2011-04-27 16:12 - 2011-04-20 17:59 - 0111104 ____A C:\Users\Alex\Desktop\suburban.gmax
2011-04-26 20:09 - 2011-04-26 20:09 - 0000000 ____D C:\Users\Alex\AppData\Roaming\IObit
2011-04-26 20:09 - 2011-04-26 20:09 - 0000000 ____D C:\Program Files (x86)\IObit
2011-04-26 18:36 - 2011-04-26 18:36 - 0001757 ____A C:\Users\Alex\Desktop\Fallout 3.lnk
2011-04-26 18:10 - 2011-04-24 08:15 - 0000000 ____D C:\Program Files (x86)\GeMM
2011-04-26 17:26 - 2011-04-26 17:19 - 0000000 ____D C:\Users\Alex\Desktop\Fallout 3
2011-04-25 20:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-04-25 19:26 - 2011-04-25 19:26 - 0000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\Templates
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\Start Menu
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\PrintHood
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\NetHood
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\My Documents
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\Documents\My Videos
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\Documents\My Pictures
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\Documents\My Music
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\AppData\Local\Temporary Internet Files
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 __SHD C:\Users\DefaultAppPool\AppData\Local\History
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 ____D C:\Users\DefaultAppPool\AppData\LocalLow
2011-04-25 19:26 - 2011-04-25 19:26 - 0000000 ____D C:\users\DefaultAppPool
2011-04-25 19:25 - 2011-04-25 19:24 - 0021210 ____A C:\Windows\iis7.log
2011-04-25 19:25 - 2011-04-16 12:59 - 0805464 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-04-25 19:24 - 2011-04-25 19:24 - 0000000 ____D C:\Windows\SysWOW64\BestPractices
2011-04-25 19:24 - 2011-04-25 19:24 - 0000000 ____D C:\Windows\System32\BestPractices
2011-04-25 19:24 - 2011-04-25 19:24 - 0000000 ____D C:\inetpub
2011-04-25 19:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\inetsrv
2011-04-25 19:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\inetsrv
2011-04-24 14:35 - 2011-04-24 14:35 - 0000000 ____D C:\Users\Alex\AppData\Local\DDMSettings
2011-04-24 08:16 - 2011-04-24 08:16 - 0000000 ____D C:\Users\Alex\Documents\FOMM
2011-04-24 08:16 - 2011-04-24 08:16 - 0000000 ____D C:\Games
2011-04-24 08:15 - 2011-04-24 08:15 - 0000000 ____D C:\Users\Alex\AppData\Local\FOMM
2011-04-23 21:09 - 2011-04-23 21:08 - 0000000 ____D C:\Program Files (x86)\DivX
2011-04-23 21:09 - 2011-04-23 21:07 - 0000000 ____D C:\Users\All Users\DivX
2011-04-23 21:09 - 2011-04-23 21:07 - 0000000 ____D C:\ProgramData\DivX
2011-04-23 17:08 - 2011-04-16 21:29 - 0000000 ____D C:\Users\Alex\AppData\Local\Fallout3
2011-04-23 11:20 - 2011-04-23 11:13 - 254953660 ____A C:\Users\Alex\Downloads\Watermask_Tutorial.zip
2011-04-23 07:05 - 2011-04-18 16:25 - 0000000 ____D C:\SBuilderX
2011-04-22 14:43 - 2011-04-22 14:43 - 0000000 ____D C:\Users\All Users\Google
2011-04-22 14:43 - 2011-04-22 14:43 - 0000000 ____D C:\ProgramData\Google
2011-04-22 14:15 - 2011-05-24 22:13 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-22 14:13 - 2011-04-22 14:13 - 0002117 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-04-22 14:13 - 2011-04-16 11:43 - 0000000 ____D C:\Users\Alex\AppData\Local\Google
2011-04-21 14:40 - 2011-04-21 14:40 - 0010193 ____A C:\Users\Alex\Downloads\0_excl_FTX_CRM_GUID_all.zip
2011-04-20 18:38 - 2011-04-20 18:38 - 0000160 ____A C:\Users\Alex\Documents\Java Spaceship Game.txt
2011-04-19 20:20 - 2011-04-16 14:02 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-04-19 17:50 - 2011-04-19 17:50 - 0000000 ____D C:\Users\Alex\Documents\Instant Scenery Files
2011-04-19 17:50 - 2011-04-19 17:17 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Flight1
2011-04-19 17:15 - 2011-04-19 17:15 - 0002048 ____A C:\Windows\iscen2.lic
2011-04-19 17:15 - 2011-04-19 17:15 - 0000000 ____D C:\Flight One Software
2011-04-19 16:29 - 2011-04-19 16:27 - 49051078 ____A C:\Users\Alex\Downloads\CAK3 Beta installer.zip
2011-04-19 13:12 - 2011-04-19 13:12 - 0008901 ____A C:\Users\Alex\Downloads\tfw2inf.zip
2011-04-19 12:56 - 2011-04-19 12:44 - 264715953 ____A C:\Users\Alex\Downloads\FTXAU_Colour_Match_Tutorial.zip
2011-04-19 12:48 - 2011-04-19 12:48 - 0620243 ____A C:\Users\Alex\Downloads\Orbx_Objectflow_SDK_V1.00.zip
2011-04-18 16:32 - 2011-04-18 16:31 - 0000000 ____D C:\Airport Design Editor
2011-04-17 10:00 - 2011-04-16 11:41 - 0000174 ___SH C:\Users\Alex\Start Menu\Programs\Startup\desktop.ini
2011-04-17 10:00 - 2011-04-16 11:41 - 0000174 ___SH C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-04-17 09:56 - 2009-07-13 23:47 - 0000000 ____D C:\Program Files\Windows Journal
2011-04-17 09:56 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\en
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-04-17 09:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\wbem
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wbem
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-04-17 09:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-04-17 09:14 - 2011-04-17 09:12 - 0444822 ____A C:\Windows\msxml4-KB973688-enu.LOG
2011-04-17 09:12 - 2011-04-17 09:10 - 0443296 ____A C:\Windows\msxml4-KB954430-enu.LOG
2011-04-17 08:59 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-04-17 08:59 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-04-17 08:54 - 2011-04-17 08:54 - 0000000 ____D C:\Windows\System32\SPReview
2011-04-17 08:54 - 2011-04-17 08:54 - 0000000 ____D C:\Windows\System32\EventProviders
2011-04-17 06:58 - 2011-04-17 06:58 - 0000000 ____D C:\Users\Alex\AppData\Local\Adobe
2011-04-17 06:58 - 2011-04-16 12:39 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Adobe
2011-04-17 06:52 - 2011-04-16 14:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2011-04-16 22:21 - 2011-04-25 19:26 - 0000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2011-04-16 22:21 - 2011-04-16 22:21 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2011-04-16 22:21 - 2011-04-16 22:21 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2011-04-16 21:24 - 2011-04-16 21:24 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2011-04-16 21:23 - 2011-04-16 21:23 - 0000000 ____D C:\Windows\SysWOW64\xlive
2011-04-16 19:05 - 2011-04-16 19:05 - 0000000 ____A C:\Windows\exctrlst.INI
2011-04-16 19:04 - 2011-04-16 19:04 - 0000000 ____D C:\Program Files\Common Files\logishrd
2011-04-16 18:59 - 2011-04-16 18:59 - 0000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat
2011-04-16 18:58 - 2011-04-16 18:58 - 0000000 ____D C:\Program Files (x86)\Resource Kit
2011-04-16 18:24 - 2011-04-16 18:24 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2011-04-16 18:16 - 2011-04-16 18:16 - 0000000 ____D C:\Users\Alex\AppData\Local\IsolatedStorage
2011-04-16 16:19 - 2011-04-16 16:19 - 0000000 ____D C:\Program Files\7-Zip
2011-04-16 16:03 - 2011-04-16 16:03 - 0000000 ____D C:\Users\All Users\Applications
2011-04-16 16:03 - 2011-04-16 16:03 - 0000000 ____D C:\ProgramData\Applications
2011-04-16 15:27 - 2011-04-16 15:27 - 0000000 ____D C:\Users\Alex\.thumbnails
2011-04-16 15:26 - 2011-04-16 15:26 - 0001095 ____A C:\Users\Public\Desktop\GIMP 2.lnk
2011-04-16 15:26 - 2011-04-16 15:26 - 0000000 ____D C:\Users\Alex\Documents\gegl-0.0
2011-04-16 15:26 - 2011-04-16 15:26 - 0000000 ____D C:\Program Files (x86)\GIMP-2.0
2011-04-16 14:51 - 2011-04-16 14:51 - 0000000 ____D C:\Users\Alex\AppData\Local\Microsoft Game Studios
2011-04-16 14:29 - 2011-04-16 14:29 - 0001313 ____A C:\Windows\TSSysprep.log
2011-04-16 14:29 - 2009-07-13 21:01 - 0042049 ____A C:\Windows\SysWOW64\license.rtf
2011-04-16 14:29 - 2009-07-13 21:01 - 0042049 ____A C:\Windows\System32\license.rtf
2011-04-16 14:29 - 2009-07-13 20:46 - 0001774 ____A C:\Windows\DtcInstall.log
2011-04-16 14:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2011-04-16 14:27 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\CSC
2011-04-16 14:22 - 2011-04-16 14:22 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2011-04-16 14:02 - 2011-04-16 14:02 - 0000000 ____D C:\Windows\PCHEALTH
2011-04-16 14:02 - 2011-04-16 14:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-04-16 14:02 - 2011-04-16 13:42 - 0000000 ____D C:\Program Files (x86)\Microsoft.NET
2011-04-16 14:01 - 2011-04-16 14:01 - 0000000 ____D C:\Program Files\Microsoft Office
2011-04-16 14:01 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2011-04-16 14:00 - 2011-04-16 14:00 - 0000000 __RHD C:\MSOCache
2011-04-16 14:00 - 2011-04-16 14:00 - 0000000 ____D C:\Users\Alex\AppData\Local\Microsoft Help
2011-04-16 13:50 - 2011-04-16 13:43 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-04-16 13:49 - 2011-04-16 13:43 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-04-16 13:10 - 2011-04-16 13:10 - 0001945 ____A C:\Windows\epplauncher.mif
2011-04-16 12:59 - 2011-04-16 12:59 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-04-16 12:59 - 2011-04-16 12:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-04-16 12:57 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\debug
2011-04-16 12:52 - 2011-04-16 12:52 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2011-04-16 12:47 - 2011-04-16 12:47 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2011-04-16 12:47 - 2011-04-16 12:46 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-04-16 12:46 - 2011-04-16 12:46 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-04-16 12:46 - 2011-04-16 12:46 - 0000000 ____D C:\Users\All Users\Skype
2011-04-16 12:46 - 2011-04-16 12:46 - 0000000 ____D C:\ProgramData\Skype
2011-04-16 12:39 - 2011-04-16 12:39 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Macromedia
2011-04-16 11:49 - 2011-04-16 11:49 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2011-04-16 11:49 - 2011-04-16 11:49 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2011-04-16 11:49 - 2011-04-16 11:49 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-04-16 11:49 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2011-04-16 11:43 - 2011-04-16 11:43 - 0000000 ____D C:\Users\Alex\AppData\Local\Deployment
2011-04-16 11:43 - 2011-04-16 11:43 - 0000000 ____D C:\Users\Alex\AppData\Local\Apps\2.0
2011-04-16 11:41 - 2011-04-16 15:26 - 0000000 ____D C:\Windows\Panther
2011-04-16 11:41 - 2011-04-16 11:41 - 0000020 ___SH C:\Users\Alex\ntuser.ini
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\Templates
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\Start Menu
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\PrintHood
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\NetHood
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\My Documents
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\Documents\My Videos
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\Documents\My Pictures
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\Documents\My Music
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\AppData\Local\Temporary Internet Files
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Users\Alex\AppData\Local\History
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 __SHD C:\Recovery
2011-04-16 11:41 - 2011-04-16 11:41 - 0000000 ____D C:\Users\Alex\AppData\Local\VirtualStore
2011-04-16 11:41 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-04-16 11:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Recovery
2011-04-16 11:41 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-04-09 14:55 - 2011-04-09 14:55 - 15453336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xlive.dll
2011-04-09 14:55 - 2011-04-09 14:55 - 13642904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xlivefnt.dll
2011-04-09 14:55 - 2011-04-09 14:55 - 0179261 ____A C:\Windows\SysWOW64\xlive.dll.cat
2011-04-08 23:02 - 2011-05-10 15:13 - 5562240 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-04-08 22:58 - 2011-05-14 08:36 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-04-08 22:02 - 2011-05-10 15:13 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-04-08 22:02 - 2011-05-10 15:13 - 3912576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-04-08 21:56 - 2011-05-14 08:36 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-04-06 12:26 - 2011-04-06 12:26 - 0237856 ____A (Apple Inc.) C:\Windows\System32\dnssdX.dll
2011-04-06 12:26 - 2011-04-06 12:26 - 0119584 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-04-06 12:26 - 2011-04-06 12:26 - 0096544 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-04-06 12:26 - 2011-04-06 12:26 - 0069408 ____A (Apple Inc.) C:\Windows\System32\jdns_sd.dll
2011-04-06 12:20 - 2011-04-06 12:20 - 0197920 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssdX.dll
2011-04-06 12:20 - 2011-04-06 12:20 - 0107808 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-04-06 12:20 - 2011-04-06 12:20 - 0091424 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-04-06 12:20 - 2011-04-06 12:20 - 0075040 ____A (Apple Inc.) C:\Windows\SysWOW64\jdns_sd.dll
2011-03-24 19:29 - 2011-05-10 15:12 - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2011-03-24 19:29 - 2011-05-10 15:12 - 0325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2011-03-24 19:29 - 2011-05-10 15:12 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2011-03-24 19:29 - 2011-05-10 15:12 - 0052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2011-03-24 19:29 - 2011-05-10 15:12 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2011-03-24 19:28 - 2011-05-10 15:12 - 0007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

========================= Known DLLs =========================

[2009-07-13 16:41] - [2009-07-13 17:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2011-04-17 08:52] - [2010-11-20 04:18] - 0640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2011-04-17 08:52] - [2010-11-20 05:25] - 0594432 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2011-04-17 08:52] - [2010-11-20 04:18] - 0485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2011-04-17 08:52] - [2010-11-20 05:26] - 0403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2011-04-17 08:52] - [2010-11-20 04:08] - 0311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2011-04-17 08:53] - [2010-11-20 05:26] - 2444288 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2011-04-17 08:53] - [2010-11-20 04:19] - 2064384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2011-04-17 08:51] - [2010-11-20 05:26] - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2011-04-17 08:51] - [2010-11-20 04:19] - 0155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2011-04-17 08:51] - [2010-11-20 04:08] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2011-04-17 08:53] - [2010-11-20 05:26] - 1161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2011-04-17 08:52] - [2010-11-20 04:08] - 0837632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-07-13 15:40] - [2009-07-13 17:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2009-07-13 15:19] - [2009-07-13 17:41] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-13 15:12] - [2009-07-13 17:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2011-04-17 08:53] - [2010-11-20 05:27] - 2086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2011-04-17 08:53] - [2010-11-20 04:20] - 1414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2011-04-17 08:53] - [2010-11-20 05:27] - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2011-04-17 08:52] - [2010-11-20 04:20] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
[2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2011-04-17 08:53] - [2010-11-20 05:27] - 1219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2011-04-17 08:52] - [2010-11-20 04:08] - 0663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
[2011-04-17 08:53] - [2010-11-20 05:27] - 1900544 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2011-04-17 08:52] - [2010-11-20 04:21] - 1667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2011-04-17 08:53] - [2010-11-20 05:27] - 14174208 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2011-04-17 08:53] - [2010-11-20 04:21] - 12872192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
[2011-04-17 08:52] - [2010-11-20 05:27] - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2011-04-17 08:52] - [2010-11-20 04:21] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2011-04-16 12:46] - [2011-03-06 22:31] - 1491456 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2011-04-16 12:46] - [2011-03-06 21:33] - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
[2011-04-17 08:53] - [2010-11-20 05:27] - 1008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2011-04-17 08:52] - [2010-11-20 04:08] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2011-04-17 08:52] - [2010-11-20 05:27] - 0800256 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2011-04-17 08:52] - [2010-11-20 04:21] - 0626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2009-07-13 15:57] - [2009-07-13 17:41] - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2009-07-13 15:41] - [2009-07-13 17:16] - 0021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
[2011-04-16 12:46] - [2011-03-06 22:31] - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2011-04-16 12:46] - [2011-03-06 21:33] - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
[2011-04-17 08:52] - [2010-11-20 05:27] - 0312832 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2011-04-17 08:52] - [2010-11-20 04:21] - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wldap32.dll
[2011-04-17 08:52] - [2010-11-20 05:27] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2011-04-17 08:52] - [2010-11-20 04:21] - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll

================== Bamital & volsnap Check ===================

C:\Windows\System32\winlogon.exe
[2011-04-17 08:52] - [2010-11-20 05:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\explorer.exe
[2011-04-26 19:39] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\Drivers\volsnap.sys
[2011-04-17 08:52] - [2010-11-20 05:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


========================= Memory info ========================

Percentage of memory in use: 15%
Total physical RAM: 4095.05 MB
Available physical RAM: 3474.94 MB
Total Pagefile: 4093.2 MB
Available Pagefile: 3463.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions ===========================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:534.43 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.37 GB) (Free:0 GB) UDF
3 Drive f: (Clickfree_System) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
4 Drive g: (CF_Storage) (Removable) (Total:148.85 GB) (Free:76.12 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS



#4 Farbar


Posted 16 June 2011 - 03:54 PM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

**************

I see this entry:

2011-06-16 00:50 - 2010-11-20 05:28 - 0780008 ____A (Microsoft Corporation) C:\ci.dll

The original ci.dll is in the System32 directory and it should be there. The issue is not ci.dll. What I would like before fixing the boot problem is some feedback from you. Have you done anything with the original ci.dll?

#5 alexgoff


Posted 16 June 2011 - 04:33 PM


This is a family computer and people have been using file sharing software, which is I believe how it ended up in the state it's currently in. Once it's fixed I'm going to start tightening things up a bit around here <_<

As for the ci.dll, I was reading other forums before I realized I was dealing with malware and their advice was to replace the corrupted ci.dll from another copy of Windows 7 x64. I did so using a thumb drive and command prompt in System Recovery Options. The ci.dll I put in is completely untouched for a new installation of Windows 7 and so I don't think that would have furthered the problem, or would it have? Anyways, that entry is there from a botched attempt to fix the problem.

Thanks!

#6 Farbar


Posted 16 June 2011 - 04:40 PM

The ci.dll I put in is completely untouched for a new installation of Windows 7 and so I don't think that would have furthered the problem, or would it have?

Thanks for the feedback. The original copy of ci.dll is still in the System32 directory. If that is the case please confirm it. In that case there is no issue and we can proceed with the real fix of the problem.

#7 alexgoff


Posted 16 June 2011 - 04:41 PM

The original copy of ci.dll is still in C:\Windows\System32, and Startup Repair still shows it as being corrupt, exact same issue as when the problem began. Thanks again!

#8 Farbar


Posted 16 June 2011 - 04:46 PM

I am aware of the error but ci.dll is neither missing nor corrupted. That is the error malware has caused.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart, let the computer boot normally and tell me how it went.

#9 alexgoff


Posted 16 June 2011 - 04:57 PM

Thank you very much! It booted and everything seems ok, I suppose there will have to be some virus cleanup though.

Here's the fixlog.txt

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.0.9)
Ran by SYSTEM at 2011-06-16 17:53:32 R:1
Running from G:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {default} winpe no =========

The operation completed successfully.

========= End of CMD: =========


Donation coming :wink:

#10 Farbar


Posted 16 June 2011 - 05:09 PM

Great. :thumbsup:

  • Please remove the following cracked software as it is probably the source of malware that infected the MBR.

    C:\Users\Alex\Downloads\tropico3_117_patch_d2d.zip
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#11 Farbar


Posted 16 June 2011 - 05:19 PM

Please don't miss my previous post.

Just to let you know it is too late over here and I will see the log tomorrow. The main infection is taken care of and we will check the system thoroughly for any inactive vulnerability.

#12 alexgoff


Posted 19 June 2011 - 05:12 PM

Ok I ran the scan and here's the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6873

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/16/2011 6:40:29 PM
mbam-log-2011-06-16 (18-40-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 417830
Time elapsed: 41 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Alex\AppData\Local\Temp\temp1_tropico.3.1.09.serial.keys.gen.zip\tropico.3.1.09.serial.keys.gen.exe (Spyware.Passwords.NGen) -> Quarantined and deleted successfully.


Since the removal the computer is noticeably slower, the web browsing especially.

#13 Farbar


Posted 19 June 2011 - 05:24 PM

Thanks for the donation.:)

Are you observing anything else other than slowness?

Let's take a look at the system.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open; copy and paste OTL.txt and attach Extra.txt to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#14 Farbar


Posted 25 June 2011 - 07:40 PM

Are you still there?

#15 Farbar


Posted 02 July 2011 - 10:11 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



