
AV Protection Virus - Cannot boot even in safe mode


  • This topic is locked
31 replies to this topic

#1 SarahDoughnut717


Posted 27 November 2011 - 09:35 PM

My brother's computer has a virus, the AV Protection virus. I tried to follow the removal guide, but when I was able to log onto his user account in safe mode, the computer kept either restarting, or stopping any process I tried, every single anti-malware program. Now it's gotten so bad that I couldn't log on, even in safe mode. I couldn't get past the welcome screen; every time I tried to log in it gave an error message, 'User login failed to execute' or something like that. I went to another forum and they gave me instructions on getting the reatogo desktop so I could find the info they need. I have the info but they never responded. Here is the registry info:


OTL logfile created on: 11/27/2011 5:25:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?ie=UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0D1.exe] C:\Program Files\LP\4849\0D1.exe ()
O4 - HKLM..\Run: [FcSibD3pn4Q6W7E] C:\Users\Steven User\AppData\Roaming\dwme.exe ()
O4 - HKLM..\Run: [Gamevance] File not found
O4 - HKLM..\Run: [j1ivD3onFaHsJdL8234A] C:\Windows\System32\System Security 2012v121.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [rdWK8fRL9TqUeIr8234A] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [swg] File not found
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [0D1.exe] C:\Users\Steven User\AppData\Roaming\Microsoft\4849\0D1.exe ()
O4 - HKU\Steven_User_ON_C..\Run: [1Y5U7AYUWGXY3X8WVZDKGNVBRXW] C:\Fonts\6DFBBA77D25.exe (Ankord Development Group)
O4 - HKU\Steven_User_ON_C..\Run: [CvS2obF3pGa8234A] File not found
O4 - HKU\Steven_User_ON_C..\Run: [Privacy Protection] C:\ProgramData\privacy.exe (mIRC Co. Ltd.)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: c0b17375 = C:\Users\Steven User\AppData\Roaming\csrss.exe
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Steven_User_ON_C Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Local\c0b17375\X) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/26 18:04:15 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
[2011/11/26 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/17 20:30:30 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
[2011/11/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
[2011/11/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\avD2onF4pH
[2011/11/17 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
[2011/11/17 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
[2011/11/15 17:09:26 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\30EF7
[2011/11/14 23:28:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
[2011/11/13 03:27:15 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
[2011/11/13 03:21:57 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
[2011/11/13 03:21:57 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
[2011/11/13 03:21:49 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
[2011/11/13 03:21:47 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
[2011/11/13 03:18:11 | 000,167,936 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Steven User\Desktop\0.4678522676718392.exe
[2011/11/11 22:33:19 | 000,968,704 | ---- | C] (mIRC Co. Ltd.) -- C:\ProgramData\privacy.exe
[2011/11/08 22:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\30EF7
[2011/11/08 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/08 22:58:02 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\90D30
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
[2011/11/08 22:57:32 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,001,333 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:52:16 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:52:35 | 000,968,704 | ---- | M] (mIRC Co. Ltd.) -- C:\ProgramData\privacy.exe
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/13 03:27:36 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\dwme.exe
[2011/11/13 03:18:31 | 000,167,936 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Steven User\Desktop\0.4678522676718392.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/11/04 13:46:15 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,001,333 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:16 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/13 03:21:49 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\dwme.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/11/15 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\30EF7
[2011/11/16 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\90D30
[2011/11/17 20:30:22 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\avD2onF4pH
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/11/13 03:27:15 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
[2011/11/26 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
[2011/11/13 03:21:49 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
[2011/11/08 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2011/11/08 22:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
[2011/11/13 03:21:47 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
[2011/11/08 22:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2011/11/17 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
[2011/11/17 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
[2011/11/26 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
[2011/11/13 03:27:08 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/11/17 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
[2011/11/13 03:21:57 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
[2011/11/14 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe
< End of report >



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:55 PM

Posted 27 November 2011 - 10:04 PM

:welcome:

  • Boot to OTLPE as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O4 - HKLM..\Run: [0D1.exe] C:\Program Files\LP\4849\0D1.exe ()
    O4 - HKLM..\Run: [FcSibD3pn4Q6W7E] C:\Users\Steven User\AppData\Roaming\dwme.exe ()
    O4 - HKLM..\Run: [Gamevance] File not found
    O4 - HKLM..\Run: [j1ivD3onFaHsJdL8234A] C:\Windows\System32\System Security 2012v121.exe ()
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [rdWK8fRL9TqUeIr8234A] File not found
    O4 - HKU\Guest_ON_C..\Run: [swg] File not found
    O4 - HKU\Steven_User_ON_C..\Run: [0D1.exe] C:\Users\Steven User\AppData\Roaming\Microsoft\4849\0D1.exe ()
    O4 - HKU\Steven_User_ON_C..\Run: [1Y5U7AYUWGXY3X8WVZDKGNVBRXW] C:\Fonts\6DFBBA77D25.exe (Ankord Development Group)
    O4 - HKU\Steven_User_ON_C..\Run: [CvS2obF3pGa8234A] File not found
    O4 - HKU\Steven_User_ON_C..\Run: [Privacy Protection] C:\ProgramData\privacy.exe (mIRC Co. Ltd.)
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: c0b17375 = C:\Users\Steven User\AppData\Roaming\csrss.exe
    O20 - HKU\Steven_User_ON_C Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Local\c0b17375\X) - File not found

    :files
    C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
    C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
    C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
    C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
    C:\Users\Steven User\AppData\Roaming\avD2onF4pH
    C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
    C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
    C:\Users\Steven User\AppData\Roaming\30EF7
    C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
    C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
    C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
    C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
    C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
    C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
    C:\Users\Steven User\Desktop\0.4678522676718392.exe
    C:\ProgramData\privacy.exe
    C:\Program Files\30EF7
    C:\Program Files\LP
    C:\Users\Steven User\AppData\Roaming\90D30
    C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
    C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
    C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
    C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to OTLPE.

  • Change Drivers to All
  • Change Standard Registry to All
  • Under the Custom Scan box paste this in

    /md5start
    Userinit.exe
    volsnap.sys
    kbdclass.sys
    Explorer.exe
    Winlogon.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 SarahDoughnut717

SarahDoughnut717
  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:55 PM

Posted 27 November 2011 - 11:05 PM

Here is the first one:


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\0D1.exe deleted successfully.
C:\Program Files\LP\4849\0D1.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FcSibD3pn4Q6W7E deleted successfully.
C:\Users\Steven User\AppData\Roaming\dwme.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Gamevance deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\j1ivD3onFaHsJdL8234A deleted successfully.
File C:\Windows\System32\System Security 2012v121.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rdWK8fRL9TqUeIr8234A deleted successfully.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\0D1.exe deleted successfully.
C:\Users\Steven User\AppData\Roaming\Microsoft\4849\0D1.exe moved successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\1Y5U7AYUWGXY3X8WVZDKGNVBRXW deleted successfully.
C:\Fonts\6DFBBA77D25.exe moved successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\CvS2obF3pGa8234A deleted successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Privacy Protection deleted successfully.
C:\ProgramData\privacy.exe moved successfully.
Registry value HKEY_USERS\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\c0b17375 deleted successfully.
Registry value HKEY_USERS\Steven_User_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Local\c0b17375\X deleted successfully.
========== FILES ==========
C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W folder moved successfully.
C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA folder moved successfully.
C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe folder moved successfully.
C:\Users\Steven User\AppData\Roaming\avD2onF4pH folder moved successfully.
C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf folder moved successfully.
C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\30EF7 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH folder moved successfully.
C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R folder moved successfully.
C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu folder moved successfully.
C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI folder moved successfully.
C:\Users\Steven User\Desktop\0.4678522676718392.exe moved successfully.
File\Folder C:\ProgramData\privacy.exe not found.
C:\Program Files\30EF7 folder moved successfully.
C:\Program Files\LP\4849 folder moved successfully.
C:\Program Files\LP folder moved successfully.
C:\Users\Steven User\AppData\Roaming\90D30 folder moved successfully.
File\Folder C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012 not found.
C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF folder moved successfully.
C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL folder moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 11272011_223400

Here is the 2nd one:


OTL logfile created on: 11/27/2011 10:38:52 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (blbdrive)
DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/18 02:32:44 | 000,273,408 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/06 09:56:47 | 000,213,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/04/29 07:49:57 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 07:49:55 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/29 07:49:44 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/29 07:49:35 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/04/14 09:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/02/22 07:51:51 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/02/18 08:31:24 | 000,304,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/20 23:59:12 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2010/04/19 19:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2010/02/20 16:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/02/18 06:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/06/15 13:20:59 | 000,439,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/01 20:01:23 | 000,625,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2008/05/19 21:07:31 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2008/04/04 20:21:42 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2008/02/22 21:38:33 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/01/19 02:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/01/19 02:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/01/19 02:43:27 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/19 02:43:03 | 000,294,456 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2008/01/19 02:43:03 | 000,266,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2008/01/19 02:42:58 | 000,247,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:42:38 | 000,192,056 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/01/19 02:42:35 | 000,181,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2008/01/19 02:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/19 02:42:29 | 000,163,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2008/01/19 02:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/19 02:42:23 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2008/01/19 02:42:20 | 000,151,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2008/01/19 02:42:19 | 000,054,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2008/01/19 02:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/19 02:42:14 | 000,049,720 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2008/01/19 02:42:11 | 000,143,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/19 02:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/19 02:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/19 02:41:40 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2008/01/19 02:41:30 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/19 02:41:25 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/19 02:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/19 02:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/19 02:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/19 01:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/19 01:04:19 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV - [2008/01/19 01:01:21 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/01/19 01:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/19 01:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/19 01:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/19 01:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/19 01:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/19 00:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/19 00:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/19 00:56:43 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2008/01/19 00:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/01/19 00:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/01/19 00:56:33 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/01/19 00:56:33 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/01/19 00:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/19 00:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/19 00:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/19 00:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/19 00:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/19 00:56:28 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/19 00:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/19 00:56:07 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/19 00:56:07 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2008/01/19 00:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/19 00:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/19 00:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/19 00:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/19 00:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/19 00:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2008/01/19 00:55:27 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2008/01/19 00:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/19 00:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/19 00:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/19 00:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/19 00:53:42 | 000,194,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/01/19 00:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/01/19 00:53:21 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/01/19 00:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/19 00:53:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/01/19 00:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/19 00:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/19 00:52:06 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/19 00:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2008/01/19 00:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/19 00:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/19 00:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/19 00:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/19 00:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/19 00:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/19 00:49:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/19 00:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/19 00:32:47 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/19 00:30:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/19 00:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/19 00:28:45 | 000,110,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/01/19 00:28:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2008/01/19 00:28:10 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/01/19 00:28:09 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/19 00:28:08 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/01/19 00:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/19 00:28:01 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2008/01/19 00:28:01 | 000,136,192 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2008/01/19 00:27:57 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/19 00:27:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/18 23:30:49 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 17:02:00 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2007/11/06 16:54:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/09/13 18:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/08/15 20:03:36 | 000,190,384 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/04/25 20:03:58 | 001,771,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/09 13:00:00 | 000,221,696 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:40 | 000,106,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 04:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2006/11/02 04:50:04 | 000,058,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2006/11/02 04:49:59 | 000,054,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:52 | 000,054,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2006/11/02 04:49:51 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2006/11/02 04:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 04:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006/11/02 04:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 04:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 03:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 03:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 03:55:20 | 000,132,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2006/11/02 03:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006/11/02 03:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 03:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 03:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 03:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 03:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2006/11/02 03:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 03:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 03:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2006/11/02 03:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2006/11/02 03:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 03:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 03:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 03:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 03:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 03:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 03:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006/11/02 03:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2006/11/02 03:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 03:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 03:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 03:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 03:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 03:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?ie=UTF-8&amp;hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 16:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 15:32:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/23 15:32:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/10/23 15:32:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/10/23 15:32:58 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/10/23 15:33:01 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/10/23 15:33:01 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/10/23 15:33:01 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/10/23 15:33:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/10/23 15:33:01 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/10/23 15:33:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/23 15:33:01 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MRT] C:\Windows\System32\MRT.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

Here is the rest of the 2nd one:


File not found -- C:\Windows\System32\
[2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\procs\explorer.exe

< MD5 for: KBDCLASS.SYS >

< MD5 for: USERINIT.EXE >
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2011/11/09 00:30:38 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=75B00749C454BD7697257BC40A5E48DA -- C:\Windows\System32\userinit.exe
[2011/11/09 00:30:38 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=75B00749C454BD7697257BC40A5E48DA -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\Application Data\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\Local Settings\temp\RarSFX0\userinit.exe
[2011/11/09 00:15:35 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=F8BCA3EB6C319149E37439D014932198 -- C:\Windows\ERDNT\cache\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] () MD5=0B91F93264B06EE3FCEBA84EF4676995 -- C:\Windows\System32\drivers\volsnap.sys
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2008/04/26 10:19:06 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/04/26 10:19:07 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/04/26 10:19:07 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2011/11/09 00:15:36 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=84332134805D5E4CD9538AED1946EF6A -- C:\Windows\ERDNT\cache\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\AppData\Local\temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Steven User\Local Settings\temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\Local Settings\temp\RarSFX0\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe
< End of report >

#4 JSntgRvr

Posted 27 November 2011 - 11:21 PM

  • Boot to OTLPE as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    @Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe

    :files
    C:\Windows\System32\drivers\kbdclass.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys /replace
    C:\Windows\System32\drivers\volsnap.sys|C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys /replace

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If these files are successfully replaced, boot in Normal Mode and run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help through private messaging will be attended.
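Added example, not part of the original posts and not OTL's own logic: a small parser for the "MD5 for:" sections of an OTL log that compares the copy Windows actually loads with the component-store (winsxs) copy for the running build, and lists DriverStore copies that carry the expected hash. The sample lines are copied from the log in this thread; the rule "the winsxs copy for build 6.0.6001 is the reference" and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the OTLPE log posted in this thread (VOLSNAP.SYS section in
# full; WINLOGON.EXE section without the temp\RarSFX0 entries).
SAMPLE_LOG = r"""
< MD5 for: VOLSNAP.SYS >
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] () MD5=0B91F93264B06EE3FCEBA84EF4676995 -- C:\Windows\System32\drivers\volsnap.sys
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2008/04/26 10:19:06 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/04/26 10:19:07 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/04/26 10:19:07 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2011/11/09 00:15:36 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=84332134805D5E4CD9538AED1946EF6A -- C:\Windows\ERDNT\cache\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>.*?)\) "
    r"MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {lower-cased file name: [entry dicts]} for every 'MD5 for:' section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            fields = entry.groupdict()
            fields["size"] = int(fields["size"].replace(",", ""))
            sections[current].append(fields)
        elif line.startswith("=") or line.startswith("< End"):
            current = None  # a new report section ends the MD5 listing
    return dict(sections)


def triage(entries, active_path, os_build):
    """Compare the loaded copy with the winsxs copy for this OS build.

    Assumption of this example: the winsxs copy whose component version starts
    with os_build is the reference for what active_path should contain.
    """
    active = next(
        (e for e in entries if e["path"].lower() == active_path.lower()), None
    )
    if active is None:
        return {"verdict": "active file not listed", "company_missing": None,
                "expected_md5": [], "replacement_candidates": []}
    tag = "_%s." % os_build
    expected = {
        e["md5"] for e in entries
        if "\\winsxs\\" in e["path"].lower() and tag in e["path"]
    }
    if not expected:
        verdict = "no reference for this build"
    elif active["md5"] in expected:
        verdict = "match"
    else:
        verdict = "mismatch"
    candidates = sorted(
        e["path"] for e in entries
        if "\\driverstore\\filerepository\\" in e["path"].lower()
        and e["md5"] in expected
    )
    return {
        "verdict": verdict,
        "company_missing": not active["company"].strip(),
        "expected_md5": sorted(expected),
        "replacement_candidates": candidates if verdict == "mismatch" else [],
    }


if __name__ == "__main__":
    sections = parse_md5_sections(SAMPLE_LOG)
    # Build number taken from the log header: "Version = 6.0.6001".
    for name, path in (
        ("volsnap.sys", r"C:\Windows\System32\drivers\volsnap.sys"),
        ("winlogon.exe", r"C:\Windows\System32\winlogon.exe"),
    ):
        print(name, triage(sections[name], path, "6.0.6001"))
```

A mismatch here only says the loaded file differs from the component-store copy for that build; a file legitimately updated by a later hotfix would need the matching winsxs version in the log to compare against.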



#5 SarahDoughnut717

Posted 27 November 2011 - 11:55 PM

I did the first part, but then shut it down and restarted in normal mode so that I could install and run combo fix. I put the password into the account to get to the desktop, it said 'preparing your desktop' but then after a while said 'userinit log on failed'. Here is the OTL. What do I do next?


OTL logfile created on: 11/27/2011 11:35:23 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.78% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?ie=UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< @Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe >


< :files >

< C:\Windows\System32\drivers\kbdclass.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys /replace >
Invalid Switch: replace

< C:\Windows\System32\drivers\volsnap.sys|C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys /replace >
Invalid Switch: replace


========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe

< End of report >

#6 SarahDoughnut717


Posted 28 November 2011 - 09:02 AM

I booted it to reatogo again, what do I do now?

#7 SarahDoughnut717


Posted 28 November 2011 - 10:19 AM

Does anyone know what I should do next?

#8 JSntgRvr

  • Malware Response Team

Posted 28 November 2011 - 10:57 AM

You have to be patient. You ran the fix I posted as a scan, not as a fix. Please read the instructions and try again.



#9 SarahDoughnut717


Posted 28 November 2011 - 11:07 AM

Here is the scan from when I ran it again. I'm guessing it wasn't successfully replaced, so I shouldn't try ComboFix?


OTL logfile created on: 11/28/2011 11:01:29 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 86.23 Gb Free Space | 58.43% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.77% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/11/27 23:48:35 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?ie=UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/27 23:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 23:48:35 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/27 23:47:40 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 23:47:40 | 2137,415,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< @Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe >


< :files >

< C:\Windows\System32\drivers\kbdclass.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys /replace >
Invalid Switch: replace

< C:\Windows\System32\drivers\volsnap.sys|C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys /replace >
Invalid Switch: replace


========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe

< End of report >

#10 SarahDoughnut717

Posted 28 November 2011 - 11:09 AM

Sorry, I misunderstood. I'll do it the right way now.

#11 SarahDoughnut717

Posted 28 November 2011 - 11:25 AM

I did it, but when I tried to start it normally, on the welcome screen there were 'Guest' and 'other', and passwords were needed for both of those accounts. I don't know what to do now. Here is the fix log:


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\0D1.exe deleted successfully.
C:\Program Files\LP\4849\0D1.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FcSibD3pn4Q6W7E deleted successfully.
C:\Users\Steven User\AppData\Roaming\dwme.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Gamevance deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\j1ivD3onFaHsJdL8234A deleted successfully.
File C:\Windows\System32\System Security 2012v121.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rdWK8fRL9TqUeIr8234A deleted successfully.
Registry value HKEY_USERS\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\0D1.exe deleted successfully.
C:\Users\Steven User\AppData\Roaming\Microsoft\4849\0D1.exe moved successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\1Y5U7AYUWGXY3X8WVZDKGNVBRXW deleted successfully.
C:\Fonts\6DFBBA77D25.exe moved successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\CvS2obF3pGa8234A deleted successfully.
Registry value HKEY_USERS\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Privacy Protection deleted successfully.
C:\ProgramData\privacy.exe moved successfully.
Registry value HKEY_USERS\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\c0b17375 deleted successfully.
Registry value HKEY_USERS\Steven_User_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Local\c0b17375\X deleted successfully.
========== FILES ==========
C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W folder moved successfully.
C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA folder moved successfully.
C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe folder moved successfully.
C:\Users\Steven User\AppData\Roaming\avD2onF4pH folder moved successfully.
C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf folder moved successfully.
C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\30EF7 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH folder moved successfully.
C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R folder moved successfully.
C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu folder moved successfully.
C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI folder moved successfully.
C:\Users\Steven User\Desktop\0.4678522676718392.exe moved successfully.
File\Folder C:\ProgramData\privacy.exe not found.
C:\Program Files\30EF7 folder moved successfully.
C:\Program Files\LP\4849 folder moved successfully.
C:\Program Files\LP folder moved successfully.
C:\Users\Steven User\AppData\Roaming\90D30 folder moved successfully.
File\Folder C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012 not found.
C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF folder moved successfully.
C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7 folder moved successfully.
C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL folder moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 11272011_223400

#12 JSntgRvr

Posted 28 November 2011 - 11:52 AM

  • Boot to OTLPE as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\System32\ej23jnm23.dat
    C:\Windows\System32\ocejmiaiw.dat
    C:\Windows\System32\odej23moc.dat
    C:\Windows\System32\muhmiaol23.dat
    C:\Windows\System32\metroosehw.dat
    C:\Windows\System32\exeiuqolmis.dat
    C:\Windows\System32\ewqlldnolmia.dat
    C:\Windows\System32\otiuqarcjra.dat
    C:\Windows\System32\ocmuhmjila.dat
    C:\Windows\System32\niw46mia23.dat
    C:\Windows\System32\busmjnolexe.dat
    C:\Windows\System32\46nololarc.dat
    C:\Windows\System32\mia46mirmoc.dat
    C:\Windows\System32\arcotniwniw.dat
    C:\Windows\System32\23hwmiamoc.dat
    C:\Users\Steven User\Desktop\AV Protection 2011.lnk
    C:\Windows\System32\c_77621.nl_
    C:\Users\Steven User\Desktop\0.22068448169927946.exe
    C:\Users\Steven User\AppData\Local\dfl20z32.dll
    C:\Users\Steven User\Desktop\0.6255255489322431.exe
    C:\Users\Steven User\AppData\Roaming\ldr.ini
    C:\Windows\System32\System Security 2012v121.exe
    C:\Users\Steven User\AppData\Local\wsr20zt32.dll
    C:\Users\Steven User\Desktop\0.8543574810547517.exe
    C:\Users\Steven User\Desktop\0.4049731133631722.exe
    C:\ProgramData\~30531320r
    C:\ProgramData\~30531320
    C:\ProgramData\30531320
    C:\ProgramData\xbejnmpolmid.dat
    C:\Windows\System32\32mnj32je.dat
    C:\Windows\System32\com32jedo.dat
    C:\Windows\System32\winwintocra.dat
    C:\Windows\System32\comrim64aim.dat
    C:\Windows\System32\comaimwh32.dat
    C:\Windows\System32\wiaimjeco.dat
    C:\Windows\System32\exelonjmsub.dat
    C:\Windows\System32\alijmhumco.dat
    C:\Windows\System32\simloquiexe.dat
    C:\Windows\System32\arjcraquito.dat
    C:\Windows\System32\32aim64win.dat
    C:\Windows\System32\32loaimhum.dat
    C:\Windows\System32\cralolon64.dat
    C:\Windows\System32\aimlondllqwe.dat
    C:\Windows\System32\whesoortem.dat
    C:\ProgramData\dimlopmnjebx.dat

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to OTLPE.
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in


      netsvcs
      set /c
      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      Winlogon.exe
      Regedit.exe
      SCLWAPI.dll
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help throughout private messaging will be attended.


#13 SarahDoughnut717

Posted 28 November 2011 - 09:12 PM

Here is the first one:


Error: Unable to interpret <C:\Windows\System32\ej23jnm23.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\ocejmiaiw.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\odej23moc.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\muhmiaol23.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\metroosehw.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\exeiuqolmis.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\ewqlldnolmia.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\otiuqarcjra.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\ocmuhmjila.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\niw46mia23.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\busmjnolexe.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\46nololarc.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\mia46mirmoc.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\arcotniwniw.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\23hwmiamoc.dat> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\AV Protection 2011.lnk> in the current context!
Error: Unable to interpret <C:\Windows\System32\c_77621.nl_> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.22068448169927946.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\AppData\Local\dfl20z32.dll> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.6255255489322431.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\AppData\Roaming\ldr.ini> in the current context!
Error: Unable to interpret <C:\Windows\System32\System Security 2012v121.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\AppData\Local\wsr20zt32.dll> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.8543574810547517.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.4049731133631722.exe> in the current context!
Error: Unable to interpret <C:\ProgramData\~30531320r> in the current context!
Error: Unable to interpret <C:\ProgramData\~30531320> in the current context!
Error: Unable to interpret <C:\ProgramData\30531320> in the current context!
Error: Unable to interpret <C:\ProgramData\xbejnmpolmid.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\32mnj32je.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\com32jedo.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\winwintocra.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\comrim64aim.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\comaimwh32.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\wiaimjeco.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\exelonjmsub.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\alijmhumco.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\simloquiexe.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\arjcraquito.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\32aim64win.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\32loaimhum.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\cralolon64.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\aimlondllqwe.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\whesoortem.dat> in the current context!
Error: Unable to interpret <C:\ProgramData\dimlopmnjebx.dat> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 11282011_210250

Is that right? I'm no longer doing it myself; I'm feeding instructions to my brother over the phone, so I hope he didn't do it wrong.

#14 JSntgRvr

Posted 28 November 2011 - 09:30 PM

He is still running the fix as a scan.


#15 SarahDoughnut717

Posted 28 November 2011 - 09:32 PM

Yes, he is still running the second scan you asked me to do.



