Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect virus/Trojan troubles


  • This topic is locked This topic is locked
18 replies to this topic

#1 Areee

Areee

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 26 December 2011 - 10:05 PM

Hi. New here, having pc problems. Windows 7, 64bit, any other info needed can be given

The past few days I've had this redirection issue come up. Its been taking me from google (only search engine I use) to all sorts of random places that I promptly get right back out of.

Lately, and for a while now, my pc has been slowing down considerably. I decided to take action, and upon doing reading and browsing to find an answer (Having to enlist an online pal to search for things for me), I have used TDSSKiller, SuperAntispyware, hitman pro 3.5, spyware doctor, spybot- s&d, ccleaner, and avast's free antivirus + its boot scanner to try and tackle all of this.

Upon the first boot scan, I found out I had a trojan and malware. It deleted what it could. With another boot scan pass, apparently it found more, or found the things come back- deleted once again. TDSS and hitman both found spyware/malware. Going through these programs, they found two trojan infections as well.

The technical details I can offer I remember, is that a few of the problems were "diagUI" in either sys32 or Program Data (also multiple instances of this running in the processes tab of task man.) and some other file with a similar program icon as the diagUI file. They were both recognized as ware.

All of these programs have found some or another spyware program or infected file, and many, many registry errors and infected files there. Upon a little research now that google is working a little now, I found that my "host" txt in sys32 had what looked to be a thousand urls next to my ip, and I followed advice given on the google forums to get rid of all but my local host ip. Two of them, "google" and "bing" (I do not use bing's search engine ever) were at the top with different IP addresses from my own, and were also part of a non-deleatable un-quaratineable result with hitman's program. Wouldn't let me remove them at all.



I apologize for the long, drawn out post. I'm very tired and have been at this for the past two days up and down. At the end of my ropes here, and I hope one of you can help me figure this issue out.

Any log files can be given, if they're available, upon request. I'm not sure what could be used exactly and I do not wish to make this read even longer.


Thank you :mellow:

BC AdBot (Login to Remove)

 


#2 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 28 December 2011 - 07:25 PM

Can't edit post, so posting to say that I ran PC Tools Spyware Doctor again, and the only thing it found was... "Spyware.Possible_Website_Hijack (2 infections)", host entry 94.63.240.127, www.google.com and the same ip as the aforementioned before, www.bing.com


Other programs aren't finding anything else now as far as I've seen.

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 PM

Posted 01 January 2012 - 10:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434665 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 05 January 2012 - 10:13 AM

64 bit system, so I can't use GMER.

Here is the log contents of the DDS scan:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by pryvian at 10:09:35 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.314 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\WoW\World of Warcraft 3.3.5a (no install)\Wow.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0305v155r4961s256
uWindow Title =
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0305v155r4961s256
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0305v155r4961s256
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pryvian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{189A7EA4-E3E5-4BEB-805A-E0A751964664} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{9B5C487E-0151-4555-91CA-D84C3FCFF779} : DhcpNameServer = 172.26.38.1 172.26.38.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pryvian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.240.127 www.google.com
Hosts: 94.63.240.128 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pryvian\AppData\Roaming\Mozilla\Firefox\Profiles\qk81sx86.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\pryvian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-25 44768]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-12-26 337872]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-5-20 317296]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-24 240160]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\System32\msvfd32.exe [2012-1-2 818169]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-12-26 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-12-26 1117144]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\system32\DRIVERS\swiwdmbusx64.sys --> C:\Windows\system32\DRIVERS\swiwdmbusx64.sys [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
.
=============== Created Last 30 ================
.
2012-01-04 17:26:13 -------- d-----w- C:\Users\pryvian\AppData\Local\{DD4D7B3D-27CA-4DDE-8D62-F671ED4BAB98}
2012-01-04 17:25:34 -------- d-----w- C:\Users\pryvian\AppData\Local\{985E4BEA-F677-4CF5-94F9-16B864515E5D}
2012-01-04 05:25:04 -------- d-----w- C:\Users\pryvian\AppData\Local\{376F590D-DFDC-447A-8EA3-C2A994634625}
2012-01-04 05:24:11 -------- d-----w- C:\Users\pryvian\AppData\Local\{ABC4308B-C218-4BF7-B3F1-275E68B9AFDB}
2012-01-03 21:39:26 -------- d-----w- C:\Users\pryvian\AppData\Local\IsolatedStorage
2012-01-03 17:23:43 -------- d-----w- C:\Users\pryvian\AppData\Local\{1FBB2A0B-D8CD-4E01-8216-B09E4B440A08}
2012-01-03 17:23:03 -------- d-----w- C:\Users\pryvian\AppData\Local\{40241F03-E283-4D63-8687-F08E0DA3F8B8}
2012-01-03 04:30:01 -------- d-----w- C:\Users\pryvian\AppData\Local\{F1C50E42-0F63-4787-A9DF-BB9AE052E6EC}
2012-01-03 04:29:41 -------- d-----w- C:\Users\pryvian\AppData\Local\{DFBC1C03-5884-4640-A787-0CBFD755CDF2}
2012-01-02 21:51:16 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-01-02 21:50:36 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-01-02 21:46:08 818169 ----a-w- C:\Windows\SysWow64\msvfd32.exe
2012-01-02 16:29:12 -------- d-----w- C:\Users\pryvian\AppData\Local\{E80BF445-1743-4F31-8A46-BE3B73E49AA5}
2012-01-02 16:28:29 -------- d-----w- C:\Users\pryvian\AppData\Local\{E1FBBB64-6720-4641-8B27-E2F1A159C0D1}
2012-01-01 22:01:08 -------- d-----w- C:\Users\pryvian\AppData\Local\{A08A3BAF-E307-4787-90C2-06BDA5F63D71}
2012-01-01 22:00:37 -------- d-----w- C:\Users\pryvian\AppData\Local\{4C291400-46FC-4C05-95CF-EBF9AAD17A57}
2012-01-01 16:19:18 -------- d-----w- C:\Program Files (x86)\Gravity
2012-01-01 04:45:05 -------- d-----w- C:\Users\pryvian\AppData\Local\{3494B44C-8BDC-48A4-8D2B-7F101E192A79}
2012-01-01 04:44:53 -------- d-----w- C:\Users\pryvian\AppData\Local\{5C552811-1563-46E6-88D4-4E74038F8BF8}
2012-01-01 01:02:53 -------- d-----w- C:\Users\pryvian\AppData\Local\{3A14A90A-44C7-4F06-A390-9BCF0363BFC5}
2011-12-31 16:59:44 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2011-12-31 16:59:43 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2011-12-31 16:59:43 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2011-12-31 16:59:39 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2011-12-31 16:57:11 -------- d-----w- C:\Program Files (x86)\WB Games
2011-12-31 12:18:46 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-31 12:18:23 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-12-31 05:51:00 -------- d-----w- C:\Users\pryvian\AppData\Roaming\Rovio
2011-12-31 05:46:10 -------- d-----w- C:\Program Files (x86)\Rovio
2011-12-31 05:24:09 -------- d-----w- C:\Users\pryvian\AppData\Local\{F4DABFFF-0E52-498A-8D39-22DD1CD3BA12}
2011-12-31 05:23:01 -------- d-----w- C:\Users\pryvian\AppData\Local\{95E34E5C-93A0-4225-A72E-E32A955FE37F}
2011-12-30 17:22:30 -------- d-----w- C:\Users\pryvian\AppData\Local\{CB102AAB-B18B-4FC6-8F39-8B9CCD3C390F}
2011-12-30 17:21:54 -------- d-----w- C:\Users\pryvian\AppData\Local\{91511AC1-3424-4FDC-A3C6-887806B8D1AB}
2011-12-30 05:21:24 -------- d-----w- C:\Users\pryvian\AppData\Local\{653CF653-1BD8-4CA8-95E0-3639D43DCDA1}
2011-12-30 05:20:48 -------- d-----w- C:\Users\pryvian\AppData\Local\{7590025A-CAE7-4516-A751-C209CD04187F}
2011-12-29 17:19:53 -------- d-----w- C:\Users\pryvian\AppData\Local\{6DA54677-EFB4-4F71-8362-AEA45B849748}
2011-12-29 17:18:43 -------- d-----w- C:\Users\pryvian\AppData\Local\{98256A50-38AD-425E-A2C3-961E18828BB4}
2011-12-29 05:17:45 -------- d-----w- C:\Users\pryvian\AppData\Local\{C387B2BD-5DBA-45CC-A4B3-C51C7F988381}
2011-12-29 05:16:39 -------- d-----w- C:\Users\pryvian\AppData\Local\{DBDB6739-91DE-4ACB-AC95-74F1F7B28D5F}
2011-12-29 00:37:58 -------- d-----w- C:\Users\pryvian\AppData\Roaming\Malwarebytes
2011-12-29 00:35:16 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-29 00:35:14 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-29 00:35:07 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-29 00:35:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-28 17:15:58 -------- d-----w- C:\Users\pryvian\AppData\Local\{6A58FC51-3B96-4127-AFBF-2FC773770111}
2011-12-28 17:15:28 -------- d-----w- C:\Users\pryvian\AppData\Local\{9050FB6D-8504-4C1F-8FE2-2FD3ECC42CCF}
2011-12-28 03:43:30 -------- d-----w- C:\Users\pryvian\AppData\Local\{97B64B1D-2E66-4ED1-B35F-9C780CF18367}
2011-12-28 03:43:06 -------- d-----w- C:\Users\pryvian\AppData\Local\{14625B39-CB39-4AD6-B721-087DC7E39D37}
2011-12-28 00:52:21 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-12-28 00:52:21 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-12-28 00:52:20 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-12-28 00:52:20 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-12-28 00:52:18 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-12-28 00:42:45 -------- d-----w- C:\Riot Games
2011-12-28 00:12:28 -------- d-----w- C:\Program Files (x86)\LeagueOfLegends
2011-12-28 00:10:19 -------- d-----w- C:\Users\pryvian\AppData\Local\PMB Files
2011-12-28 00:09:56 -------- d-----w- C:\ProgramData\PMB Files
2011-12-27 15:42:36 -------- d-----w- C:\Users\pryvian\AppData\Local\{1ED318E7-0FAD-471A-810B-B414848C9D7C}
2011-12-27 15:41:49 -------- d-----w- C:\Users\pryvian\AppData\Local\{090D2DE5-9EF5-423A-9318-3500A4CC260F}
2011-12-27 03:41:16 -------- d-----w- C:\Users\pryvian\AppData\Local\{4371100D-C423-40BF-986A-ADD5311DD08B}
2011-12-27 03:40:43 -------- d-----w- C:\Users\pryvian\AppData\Local\{D374EBBB-67D7-4F27-9E22-2E9D71E64989}
2011-12-27 01:56:01 -------- d-----w- C:\Users\pryvian\AppData\Local\Threat Expert
2011-12-26 23:57:18 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-26 23:56:45 65024 ----a-r- C:\Users\pryvian\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2011-12-26 23:56:45 5120 ----a-r- C:\Users\pryvian\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2011-12-26 23:56:45 18944 ----a-r- C:\Users\pryvian\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2011-12-26 23:56:40 -------- d-----w- C:\Users\pryvian\AppData\Roaming\SUPERAntiSpyware.com
2011-12-26 23:56:40 -------- d-----w- C:\Program Files (x86)\SUPERAntiSpyware
2011-12-26 23:41:53 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-12-26 23:37:05 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-12-26 23:37:03 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-12-26 23:36:40 -------- d-----w- C:\ProgramData\Hitman Pro
2011-12-26 16:54:40 74824 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2011-12-26 16:54:39 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2011-12-26 16:54:39 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2011-12-26 16:31:01 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-12-26 16:30:59 2029520 ----a-w- C:\Windows\PCTBDCore.dll
2011-12-26 16:30:59 1533904 ----a-w- C:\Windows\PCTBDRes.dll
2011-12-26 16:30:59 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-12-26 16:28:26 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-12-26 16:28:25 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-12-26 16:28:23 337048 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-12-26 16:28:23 143896 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-12-26 16:28:16 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-12-26 16:28:09 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2011-12-26 16:27:58 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-12-26 16:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-12-26 16:27:24 -------- d-----w- C:\ProgramData\PC Tools
2011-12-26 16:27:24 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-12-26 16:18:25 -------- d-----w- C:\ProgramData\Premium
2011-12-26 16:18:22 -------- d-----w- C:\ProgramData\InstallMate
2011-12-26 15:40:01 -------- d-----w- C:\Users\pryvian\AppData\Local\{3CA092D6-F48A-46C9-978A-3DB7E803D415}
2011-12-26 15:39:20 -------- d-----w- C:\Users\pryvian\AppData\Local\{E61DB507-110A-4B7E-8126-CF003D952713}
2011-12-26 00:57:53 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-26 00:57:50 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-26 00:57:30 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-25 18:47:21 -------- d-----w- C:\Users\pryvian\AppData\Local\{980A628B-C7A0-4521-8A8F-53F0BDEC43E7}
2011-12-25 18:46:58 -------- d-----w- C:\Users\pryvian\AppData\Local\{9245F887-1378-49E4-90E7-6273A6CC87A2}
2011-12-25 05:53:27 -------- d-----w- C:\Users\pryvian\AppData\Local\{8FE7BC5A-1012-46B8-985A-162997F6C1D7}
2011-12-24 17:52:37 -------- d-----w- C:\Users\pryvian\AppData\Local\{36A3CEE1-80E0-4822-849E-57D9B7FFBE86}
2011-12-24 17:52:15 -------- d-----w- C:\Users\pryvian\AppData\Local\{68EBE386-C082-4AF4-A878-5DE1D1128B11}
2011-12-24 05:21:43 -------- d-----w- C:\Users\pryvian\AppData\Local\{63CD4416-C46C-4089-9D87-297E66BD5703}
2011-12-24 05:21:08 -------- d-----w- C:\Users\pryvian\AppData\Local\{D9B1F17C-F46C-4C2A-A9F5-69D92009C468}
2011-12-24 03:28:02 -------- d-----w- C:\Users\pryvian\AppData\Roaming\MoreTerra
2011-12-23 17:20:40 -------- d-----w- C:\Users\pryvian\AppData\Local\{4DAE6593-0175-42B8-AF42-ED396B1C7935}
2011-12-23 17:20:18 -------- d-----w- C:\Users\pryvian\AppData\Local\{C24FF2B0-282B-4CCB-92B2-88D418F1DDB0}
2011-12-23 14:51:44 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9AA3D8DA-E5AB-42F8-B841-C743047AE130}\mpengine.dll
2011-12-23 04:38:00 -------- d-----w- C:\Users\pryvian\AppData\Local\{AFCEF8D3-5F88-48A0-939B-34E5537BA4E3}
2011-12-23 04:37:25 -------- d-----w- C:\Users\pryvian\AppData\Local\{7B6E757B-5A13-4812-8D36-1D114B8E678F}
2011-12-22 16:36:56 -------- d-----w- C:\Users\pryvian\AppData\Local\{41AAEF58-B99E-49AA-AB6E-48DA3CB28F78}
2011-12-22 16:36:35 -------- d-----w- C:\Users\pryvian\AppData\Local\{355D37AC-DFD6-400C-AD84-4BE6F34A6210}
2011-12-21 16:03:38 -------- d-----w- C:\Users\pryvian\AppData\Local\{38F64092-CDA4-47D9-9EAE-0CEF160A4253}
2011-12-21 16:03:26 -------- d-----w- C:\Users\pryvian\AppData\Local\{D3537D48-8038-4379-9485-96A99819C894}
2011-12-20 18:48:27 -------- d-----w- C:\Users\pryvian\AppData\Local\LogMeIn Hamachi
2011-12-20 18:46:57 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-12-20 18:01:51 -------- d-----w- C:\Users\pryvian\AppData\Local\{D51FD2E0-B98B-41EF-BE02-4AF504C01F75}
2011-12-20 18:01:36 -------- d-----w- C:\Users\pryvian\AppData\Local\{048D08D9-0761-4755-AC43-790819875EA4}
2011-12-20 05:04:29 -------- d-----w- C:\Users\pryvian\AppData\Local\{6E46972F-1C21-4AEA-9D56-66419BA9A8CB}
2011-12-20 05:04:15 -------- d-----w- C:\Users\pryvian\AppData\Local\{751B18DA-F494-4F48-85D6-3C65E145B394}
2011-12-19 17:03:55 -------- d-----w- C:\Users\pryvian\AppData\Local\{C521310F-A89B-4859-B37E-A92F30F67B7F}
2011-12-19 17:03:40 -------- d-----w- C:\Users\pryvian\AppData\Local\{041BCEC0-AAD6-41DB-90BE-FC303D5D65BC}
2011-12-19 05:03:20 -------- d-----w- C:\Users\pryvian\AppData\Local\{E115D7B6-87D3-4F74-8DD0-97E954561EBA}
2011-12-19 05:03:04 -------- d-----w- C:\Users\pryvian\AppData\Local\{20A4E51E-E7BD-4A71-A53B-25A2891A0A4A}
2011-12-18 17:02:44 -------- d-----w- C:\Users\pryvian\AppData\Local\{D68AA023-C874-48C6-B4C9-CCEFD1E39EFC}
2011-12-18 17:02:37 -------- d-----w- C:\Users\pryvian\AppData\Local\{658AB284-AA71-4EB2-8A06-86D9DB72BA2A}
2011-12-18 03:17:02 -------- d-----w- C:\Users\pryvian\AppData\Local\{CD1B7694-956C-4C40-80C2-071CCF14C73C}
2011-12-17 15:16:40 -------- d-----w- C:\Users\pryvian\AppData\Local\{38F50F04-FC39-4083-99E1-0D9E8DF5872A}
2011-12-17 15:16:36 -------- d-----w- C:\Users\pryvian\AppData\Local\{01F37A24-51AF-4317-8349-138112C87919}
2011-12-16 16:22:02 -------- d-----w- C:\Users\pryvian\AppData\Local\{9B6D2AD1-1882-4EE9-B13C-A9363356D221}
2011-12-16 16:21:57 -------- d-----w- C:\Users\pryvian\AppData\Local\{510B1B8E-4F20-4C38-A2EA-7A6E796CCFF5}
2011-12-16 11:05:45 -------- d-----w- C:\Users\pryvian\AppData\Local\{9378644F-AF81-43B7-8CB7-5956F813FD85}
2011-12-15 16:46:52 -------- d-----w- C:\Users\pryvian\AppData\Local\{C23A5C9A-D6D5-43BB-8100-8D26FBD1AF96}
2011-12-15 16:46:36 -------- d-----w- C:\Users\pryvian\AppData\Local\{1EF9AD08-8DDF-4653-BD4A-B16E53E3D98E}
2011-12-15 04:46:16 -------- d-----w- C:\Users\pryvian\AppData\Local\{84A20AF8-50CB-43E0-A9B5-D84957B40464}
2011-12-15 04:46:13 -------- d-----w- C:\Users\pryvian\AppData\Local\{FC5EBA71-D8FC-467C-8CC6-E2CC929C5DDC}
2011-12-14 20:25:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 20:25:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 16:41:01 -------- d-----w- C:\Users\pryvian\AppData\Local\{6711F457-CF6A-45C4-972F-90B44E35405F}
2011-12-14 16:40:46 -------- d-----w- C:\Users\pryvian\AppData\Local\{EE1125A2-DF88-4D8A-88BD-0CD0D0CE3BFC}
2011-12-14 04:40:25 -------- d-----w- C:\Users\pryvian\AppData\Local\{7ABBD96A-2B6C-4C95-AF59-6DFEA9C7CAFF}
2011-12-13 16:40:03 -------- d-----w- C:\Users\pryvian\AppData\Local\{D0DB920C-E63B-45D8-84A0-8A7DFEF2567A}
2011-12-13 16:39:48 -------- d-----w- C:\Users\pryvian\AppData\Local\{53E53698-3BA2-45B4-A053-7ECF5AD88993}
2011-12-13 06:22:30 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-12-13 04:39:28 -------- d-----w- C:\Users\pryvian\AppData\Local\{76EA7B24-B6BF-4CBD-A144-CA731CAF44CD}
2011-12-13 04:39:13 -------- d-----w- C:\Users\pryvian\AppData\Local\{4218832E-4BA6-47E2-8A3B-D429CAA11A00}
2011-12-12 16:38:54 -------- d-----w- C:\Users\pryvian\AppData\Local\{340901E4-1D11-418D-B8B2-DD72131DD7CA}
2011-12-12 16:38:50 -------- d-----w- C:\Users\pryvian\AppData\Local\{68E24648-CF2A-4699-8CCA-9B540E6680C2}
2011-12-12 03:46:12 -------- d-----w- C:\Users\pryvian\AppData\Local\{969E7BAE-143C-4614-BE45-13ACD9786184}
2011-12-12 03:45:56 -------- d-----w- C:\Users\pryvian\AppData\Local\{C3D5D85B-C09A-497E-B0F1-466518B25C12}
2011-12-11 21:32:15 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-12-11 21:32:15 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-12-11 21:32:15 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-12-11 21:32:14 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-12-11 21:32:13 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-12-11 21:32:13 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-12-11 21:32:12 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2011-12-11 21:31:53 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-12-11 15:45:35 -------- d-----w- C:\Users\pryvian\AppData\Local\{C594897E-24A0-4A1F-836A-59CA9319466A}
2011-12-11 15:45:32 -------- d-----w- C:\Users\pryvian\AppData\Local\{7D987E7C-1443-4F62-92B1-50B21BA2F608}
2011-12-11 01:05:55 -------- d-----w- C:\Users\pryvian\AppData\Local\{997DEECD-2885-4F90-B917-F0E44D8D93F4}
2011-12-11 01:05:39 -------- d-----w- C:\Users\pryvian\AppData\Local\{046384D1-6305-4AD4-856B-ECFA22222702}
2011-12-10 13:05:17 -------- d-----w- C:\Users\pryvian\AppData\Local\{BE5ACAF4-B0FA-40C8-AEA5-908B40DFB64E}
2011-12-10 13:05:13 -------- d-----w- C:\Users\pryvian\AppData\Local\{242635C3-C2C0-43EC-B165-F266818BC03F}
2011-12-09 17:09:59 -------- d-----w- C:\Users\pryvian\AppData\Local\{00B02196-7ED3-4389-9BD9-455AA21DC8D3}
2011-12-09 17:09:44 -------- d-----w- C:\Users\pryvian\AppData\Local\{997609F7-F092-426C-937F-34791771DDF7}
2011-12-09 02:38:52 -------- d-----w- C:\Users\pryvian\AppData\Local\{370D9BC6-0289-4BFE-9B0F-722939E3252C}
2011-12-09 02:38:36 -------- d-----w- C:\Users\pryvian\AppData\Local\{9D82776D-46B8-4E29-B379-9A2447829DA4}
2011-12-08 14:38:16 -------- d-----w- C:\Users\pryvian\AppData\Local\{54EE1966-59FE-4743-8C5E-0846B1003117}
2011-12-08 14:38:13 -------- d-----w- C:\Users\pryvian\AppData\Local\{8899A177-2BEE-40B6-A058-929BDCA3FE4A}
2011-12-08 01:22:34 -------- d-----w- C:\Users\pryvian\AppData\Local\{E434A036-6014-4311-8204-5281C3716864}
2011-12-08 01:22:18 -------- d-----w- C:\Users\pryvian\AppData\Local\{761D60E5-DEC0-4B03-A928-FE16C9580336}
2011-12-07 13:21:58 -------- d-----w- C:\Users\pryvian\AppData\Local\{2039C3DC-FB3E-4AC0-871F-D0C11648D481}
2011-12-07 13:21:54 -------- d-----w- C:\Users\pryvian\AppData\Local\{EA335A54-F340-4A5E-BE3C-91E3287D7FBF}
2011-12-06 17:23:10 -------- d-----w- C:\Users\pryvian\AppData\Local\{D575DEEC-DA42-4839-BEDE-5152B186B47B}
2011-12-06 17:23:06 -------- d-----w- C:\Users\pryvian\AppData\Local\{8A1F0FEE-4F39-416B-AD2F-CA0874D5AA45}
.
==================== Find3M ====================
.
2011-12-29 22:33:09 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-06-25 22:38:16 1080947851 ----a-w- C:\Program Files (x86)\US_LUNAPlus_11011901.exe
2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files (x86)\openofficeorg33.msi
2011-01-18 08:52:10 475016 ----a-w- C:\Program Files (x86)\setup.exe
.
============= FINISH: 10:10:59.11 ===============

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:34 PM

Posted 06 January 2012 - 03:32 PM

Hi Areee,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. Thanks in advance for your patience.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:34 PM

Posted 07 January 2012 - 09:11 AM

Hi Areee,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

:step1: Multiple Antivirus Programs Installed
I notice you have more than one antivirus program installed. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Spyware Doctor with AntiVirus or avast! Antivirus.

Also, I notice you have LogMeIn Hamachi installed. Have you installed this program and use it? (I ask because it can be used maliciously.)

:step2: ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

In your next reply, please include:
  • Combofix log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#7 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 07 January 2012 - 01:22 PM

Uninstalled spyware doctor's program. The antivirus isn't a separate program, right?

Logmein Hamachi, I installed it to use to network play a game online with a few friends. It can't be used by a third party source without my permission, can it?



Running combofix...

...

here is the log. Seems it didn't delete much?




ComboFix 12-01-06.03 - pryvian 01/07/2012 13:02:14.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.718 [GMT -5:00]
Running from: c:\users\pryvian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\US_LUNAPlus_11011901.exe
c:\users\pryvian\AppData\Roaming\EurekaLog
c:\windows\SysWow64\Windupdt
C:\Windupdt
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 18:11 . 2012-01-07 18:11 -------- d-----w- c:\users\Mcx1-KNIGHT\AppData\Local\temp
2012-01-07 18:11 . 2012-01-07 18:11 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-01-03 21:39 . 2012-01-03 21:39 -------- d-----w- c:\users\pryvian\AppData\Local\IsolatedStorage
2012-01-02 21:51 . 2012-01-02 21:51 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-01-02 21:50 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-01-02 21:46 . 2012-01-02 21:46 818169 ----a-w- c:\windows\SysWow64\msvfd32.exe
2012-01-01 16:19 . 2012-01-01 16:19 -------- d-----w- c:\program files (x86)\Gravity
2011-12-31 16:59 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
2011-12-31 16:59 . 2009-03-16 19:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2011-12-31 16:59 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
2011-12-31 16:59 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2011-12-31 16:57 . 2011-12-31 16:57 -------- d-----w- c:\program files (x86)\WB Games
2011-12-31 12:18 . 2011-12-31 12:18 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-31 12:18 . 2011-12-31 12:18 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-12-31 05:51 . 2011-12-31 06:21 -------- d-----w- c:\users\pryvian\AppData\Roaming\Rovio
2011-12-31 05:46 . 2011-12-31 06:19 -------- d-----w- c:\program files (x86)\Rovio
2011-12-29 22:34 . 2011-12-29 22:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-29 00:37 . 2011-12-29 00:37 -------- d-----w- c:\users\pryvian\AppData\Roaming\Malwarebytes
2011-12-29 00:35 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-29 00:35 . 2011-12-29 00:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-29 00:35 . 2011-12-29 00:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-29 00:35 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 00:52 . 2008-07-31 15:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-12-28 00:52 . 2008-07-31 15:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-12-28 00:52 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-12-28 00:52 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-28 00:52 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-28 00:42 . 2011-12-28 00:43 -------- d-----w- C:\Riot Games
2011-12-28 00:12 . 2011-12-28 00:38 -------- d-----w- c:\program files (x86)\LeagueOfLegends
2011-12-28 00:10 . 2012-01-07 17:49 -------- d-----w- c:\users\pryvian\AppData\Local\PMB Files
2011-12-28 00:09 . 2012-01-07 16:47 -------- d-----w- c:\programdata\PMB Files
2011-12-27 01:56 . 2011-12-27 01:56 -------- d-----w- c:\users\pryvian\AppData\Local\Threat Expert
2011-12-26 23:57 . 2011-12-26 23:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-26 23:56 . 2011-12-26 23:56 65024 ----a-r- c:\users\pryvian\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2011-12-26 23:56 . 2011-12-26 23:56 5120 ----a-r- c:\users\pryvian\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2011-12-26 23:56 . 2011-12-26 23:56 18944 ----a-r- c:\users\pryvian\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2011-12-26 23:56 . 2011-12-28 00:03 -------- d-----w- c:\program files (x86)\SUPERAntiSpyware
2011-12-26 23:56 . 2011-12-26 23:56 -------- d-----w- c:\users\pryvian\AppData\Roaming\SUPERAntiSpyware.com
2011-12-26 23:41 . 2011-12-27 02:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-12-26 23:37 . 2011-12-28 17:28 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-26 23:37 . 2011-12-26 23:37 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-26 23:36 . 2011-12-26 23:42 -------- d-----w- c:\programdata\Hitman Pro
2011-12-26 16:27 . 2012-01-07 17:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-26 16:18 . 2011-12-26 16:18 -------- d-----w- c:\programdata\Premium
2011-12-26 16:18 . 2011-12-26 16:19 -------- d-----w- c:\programdata\InstallMate
2011-12-26 00:58 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-26 00:58 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-26 00:57 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-26 00:57 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-26 00:57 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-26 00:57 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-26 00:57 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-26 00:57 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-24 03:28 . 2011-12-24 03:35 -------- d-----w- c:\users\pryvian\AppData\Roaming\MoreTerra
2011-12-23 14:51 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AA3D8DA-E5AB-42F8-B841-C743047AE130}\mpengine.dll
2011-12-20 18:48 . 2012-01-04 03:51 -------- d-----w- c:\users\pryvian\AppData\Local\LogMeIn Hamachi
2011-12-20 18:46 . 2011-12-20 18:46 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-12-14 20:25 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 20:25 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 06:22 . 2011-12-13 06:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-11 21:32 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-12-11 21:32 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-12-11 21:32 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-12-11 21:32 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-12-11 21:32 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-12-11 21:32 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-12-11 21:32 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2011-12-11 21:31 . 2011-12-11 21:31 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-12-11 21:13 . 2011-12-11 21:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 22:33 . 2010-06-04 22:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-28 18:01 . 2011-01-22 23:42 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files (x86)\openofficeorg33.msi
2011-01-18 08:52 . 2011-01-18 08:52 475016 ----a-w- c:\program files (x86)\setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbusx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-05-20 317296]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-03-01 00:44]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:46]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0305v155r4961s256
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\pryvian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\users\pryvian\AppData\Roaming\Mozilla\Firefox\Profiles\qk81sx86.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
Toolbar-Locked - (no file)
SafeBoot-31186719.sys
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
.
**************************************************************************
.
Completion time: 2012-01-07 13:19:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 18:19
.
Pre-Run: 466,802,421,760 bytes free
Post-Run: 466,767,466,496 bytes free
.
- - End Of File - - 972E17D945AD2CC87311D94A4298224E

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:34 PM

Posted 07 January 2012 - 02:21 PM

Hi Areee,

Spyware Doctor actually has two separate products: Spyware Doctor and also Spyware Doctor with Antivirus. Spyware Doctor with Antivirus is its own program (combined antivirus and anti-malware).

You are correct, Logmein Hamachi cannot be used by a third party source without your permission.

How's your computer running now?


:step1: Let's upload a file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to the following file and click Send File.

C:\Program Files (x86)\setup.exe

If prompted to reanalyze a file, please do so.

Please post back the website addresses (URLs) of the Virustotal result in your next post.


:step2: Please download SystemLook from HERE and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\windows\system32\ /s /t30
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#9 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 07 January 2012 - 03:35 PM

Doesn't seem I have spyware doctor's antivirus. I may have excluded it from my install most likely.

Computer is running...okay. Still seems moderately laggy on opening folders and programs/loading them. Seems...I can google things, for now. Its not redirecting- or hasn't the last few times I've needed to anyways.

VirusTotal results:

http://www.virustotal.com/file-scan/report.html?id=5bc13261f7e03aab505806e38fd4b5b7a681d92d2bb18fa775965fbe15b432f3-1325967481

I'll be splitting up the SystemLook results. Its huge ._.


Results of the SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:29 on 07/01/2012 by pryvian
Administrator - Elevation successful

========== dir ==========

c:\windows\system32 - Parameters: "/s /t30"

---Files---
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --ah--- 9920 bytes [04:45 14/07/2009] [18:20 07/01/2012]
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --ah--- 9920 bytes [04:45 14/07/2009] [18:20 07/01/2012]
perfc009.dat --a---- 140468 bytes [02:36 14/07/2009] [13:50 07/01/2012]
perfh009.dat --a---- 717976 bytes [02:36 14/07/2009] [13:50 07/01/2012]
PerfStringBackup.INI --a---- 858204 bytes [05:13 14/07/2009] [13:50 07/01/2012]

c:\windows\system32\%APPDATA% d--hs-- [06:22 13/12/2011]

c:\windows\system32\%APPDATA%\Microsoft d--hs-- [06:22 13/12/2011]

c:\windows\system32\%APPDATA%\Microsoft\Windows d--hs-- [06:22 13/12/2011]

c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache d--hs-- [06:22 13/12/2011]

c:\windows\system32\0409 d------ [05:37 14/07/2009]

c:\windows\system32\AdvancedInstallers d------ [03:20 14/07/2009]

c:\windows\system32\ar-SA d------ [03:20 14/07/2009]

c:\windows\system32\BestPractices d------ [23:27 04/01/2011]

c:\windows\system32\BestPractices\v1.0 d------ [23:27 04/01/2011]

c:\windows\system32\BestPractices\v1.0\Models d------ [23:27 04/01/2011]

c:\windows\system32\BestPractices\v1.0\Models\Microsoft d------ [23:27 04/01/2011]

c:\windows\system32\BestPractices\v1.0\Models\Microsoft\Windows d------ [23:27 04/01/2011]

c:\windows\system32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer d------ [23:27 04/01/2011]

c:\windows\system32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\en-US d------ [23:27 04/01/2011]

c:\windows\system32\bg-BG d------ [03:20 14/07/2009]

c:\windows\system32\Boot d------ [03:20 14/07/2009]

c:\windows\system32\Boot\en-US d------ [05:37 14/07/2009]

c:\windows\system32\catroot d------ [03:20 14/07/2009]

c:\windows\system32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} d------ [05:10 14/07/2009]

c:\windows\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} d------ [03:20 14/07/2009]

c:\windows\system32\catroot2 d------ [03:20 14/07/2009]
dberr.txt --a---- 105662 bytes [04:46 14/07/2009] [17:50 07/01/2012]
edb.chk --a---- 8192 bytes [04:46 14/07/2009] [18:11 07/01/2012]
edb.log --a---- 65536 bytes [04:46 14/07/2009] [18:12 07/01/2012]
edb0049B.log --a---- 65536 bytes [04:46 14/07/2009] [18:12 07/01/2012]

c:\windows\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} d------ [05:10 14/07/2009]
catdb --a---- 1056768 bytes [05:10 14/07/2009] [18:12 07/01/2012]

c:\windows\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} d------ [04:46 14/07/2009]
catdb --a---- 24649728 bytes [04:46 14/07/2009] [18:12 07/01/2012]

c:\windows\system32\CodeIntegrity d------ [03:20 14/07/2009]

c:\windows\system32\com d------ [03:20 14/07/2009]

c:\windows\system32\com\dmp d------ [03:20 14/07/2009]

c:\windows\system32\com\en-US d------ [05:37 14/07/2009]

c:\windows\system32\config d------ [03:20 14/07/2009]
components --a---- 35913728 bytes [02:34 14/07/2009] [18:26 07/01/2012]
COMPONENTS.LOG1 --ah--- 262144 bytes [02:34 14/07/2009] [18:26 07/01/2012]
components{3b746fb9-ddff-11e0-99d5-4487fc413cc5}.TM.blf --ahs-- 65536 bytes [13:15 13/09/2011] [18:26 07/01/2012]
components{3b746fb9-ddff-11e0-99d5-4487fc413cc5}.TMContainer00000000000000000002.regtrans-ms --ahs-- 524288 bytes [13:15 13/09/2011] [18:26 07/01/2012]
default --a---- 4980736 bytes [02:34 14/07/2009] [18:20 07/01/2012]
DEFAULT.LOG1 --ah--- 262144 bytes [02:34 14/07/2009] [18:20 07/01/2012]
sam --a---- 262144 bytes [02:34 14/07/2009] [18:12 07/01/2012]
SAM.LOG1 --ah--- 62464 bytes [02:34 14/07/2009] [18:12 07/01/2012]
security --a---- 262144 bytes [02:34 14/07/2009] [18:12 07/01/2012]
SECURITY.LOG1 --ah--- 262144 bytes [02:34 14/07/2009] [18:12 07/01/2012]
software --a---- 76808192 bytes [02:34 14/07/2009] [20:13 07/01/2012]
SOFTWARE.LOG1 --ah--- 262144 bytes [02:34 14/07/2009] [20:13 07/01/2012]
system --a---- 16777216 bytes [02:34 14/07/2009] [20:16 07/01/2012]
SYSTEM.LOG1 --ah--- 262144 bytes [02:34 14/07/2009] [20:16 07/01/2012]

c:\windows\system32\config\Journal d------ [03:20 14/07/2009]

c:\windows\system32\config\RegBack d------ [03:20 14/07/2009]

c:\windows\system32\config\systemprofile d------ [03:20 14/07/2009]

c:\windows\system32\config\systemprofile\AppData d---s-- [03:20 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local d------ [03:20 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi d------ [18:48 20/12/2011]
h2-engine.cfg --a---- 1357 bytes [18:48 20/12/2011] [18:11 07/01/2012]
h2-engine.cfg.bak --a---- 1357 bytes [18:48 20/12/2011] [18:11 07/01/2012]
h2-engine.ini --a---- 467 bytes [18:48 20/12/2011] [18:17 07/01/2012]
h2-engine.ini.bak --a---- 467 bytes [18:48 20/12/2011] [18:17 07/01/2012]
h2-engine.log --a---- 1242809 bytes [18:48 20/12/2011] [18:17 07/01/2012]
h2-engine.log.old --a---- 4195191 bytes [18:48 20/12/2011] [03:16 03/01/2012]
h2-key-084-331-843 --a---- 273 bytes [01:10 01/01/2012] [01:10 01/01/2012]
h2-sta-084-331-843 --a---- 11 bytes [01:10 01/01/2012] [18:17 07/01/2012]
h2-sta-087-583-362 --a---- 10 bytes [20:37 25/12/2011] [18:17 07/01/2012]
h2-sta-095-557-706 --a---- 10 bytes [20:09 25/12/2011] [18:17 07/01/2012]
h2-sta-097-948-306 --a---- 15 bytes [20:37 25/12/2011] [18:17 07/01/2012]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft d------ [04:49 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\IdentityCRL d------ [00:15 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\IdentityCRL\production d------ [00:15 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp d------ [00:15 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer d------ [23:51 19/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Portable Devices d------ [17:03 24/11/2009]
wpdlog00.sqm --a---- 284 bytes [17:03 24/11/2009] [22:05 02/01/2012]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Vault d------ [13:32 31/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28 d------ [13:32 31/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows d------ [04:49 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches d------ [04:49 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History d--hs-- [04:54 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 d--hs-- [04:54 14/07/2009]
index.dat --ahs-- 32768 bytes [04:54 14/07/2009] [21:24 02/01/2012]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010021320100214 d--hs-- [04:16 14/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010021520100216 d--hs-- [06:06 15/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010021620100217 d--hs-- [06:13 16/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010021720100218 d--hs-- [22:56 17/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010021820100219 d--hs-- [23:26 18/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010021920100220 d--hs-- [23:51 19/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022020100221 d--hs-- [01:21 21/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022120100222 d--hs-- [01:42 22/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022220100223 d--hs-- [02:07 23/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022320100224 d--hs-- [02:15 24/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022420100225 d--hs-- [02:42 25/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022520100226 d--hs-- [02:59 26/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022720100228 d--hs-- [06:28 27/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010022820100301 d--hs-- [17:19 28/02/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030120100302 d--hs-- [01:39 02/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030220100303 d--hs-- [01:45 03/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030320100304 d--hs-- [01:53 04/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030420100305 d--hs-- [02:04 05/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030520100306 d--hs-- [02:21 06/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030620100307 d--hs-- [02:32 07/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030720100308 d--hs-- [02:42 08/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030820100309 d--hs-- [02:54 09/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010030920100310 d--hs-- [03:22 10/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031020100311 d--hs-- [03:37 11/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031120100312 d--hs-- [03:49 12/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031220100313 d--hs-- [04:03 13/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031320100314 d--hs-- [04:33 14/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031520100316 d--hs-- [06:41 15/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031620100317 d--hs-- [20:21 16/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031720100318 d--hs-- [20:27 17/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031820100319 d--hs-- [20:29 18/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010031920100320 d--hs-- [20:47 19/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032020100321 d--hs-- [20:50 20/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032120100322 d--hs-- [22:12 21/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032220100323 d--hs-- [22:18 22/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032320100324 d--hs-- [22:47 23/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032420100325 d--hs-- [23:11 24/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032520100326 d--hs-- [23:38 25/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032620100327 d--hs-- [00:07 27/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032720100328 d--hs-- [00:29 28/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032820100329 d--hs-- [00:40 29/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010032920100330 d--hs-- [01:05 30/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010033020100331 d--hs-- [01:28 31/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010033120100401 d--hs-- [01:49 01/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040120100402 d--hs-- [02:17 02/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040220100403 d--hs-- [02:18 03/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040320100404 d--hs-- [02:40 04/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040420100405 d--hs-- [02:47 05/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040620100407 d--hs-- [16:30 06/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040720100408 d--hs-- [17:34 07/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040820100409 d--hs-- [17:47 08/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010040920100410 d--hs-- [22:18 09/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041020100411 d--hs-- [22:22 10/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041120100412 d--hs-- [22:32 11/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041220100413 d--hs-- [22:39 12/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041320100414 d--hs-- [23:03 13/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041420100415 d--hs-- [23:17 14/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041520100416 d--hs-- [23:30 15/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041620100417 d--hs-- [23:31 16/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041720100418 d--hs-- [23:46 17/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041820100419 d--hs-- [23:52 18/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041920100420 d--hs-- [00:17 20/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042020100421 d--hs-- [00:31 21/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042120100422 d--hs-- [00:43 22/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042220100423 d--hs-- [00:47 23/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042320100424 d--hs-- [00:53 24/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042520100426 d--hs-- [18:28 25/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042620100427 d--hs-- [21:14 26/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042720100428 d--hs-- [21:24 27/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042820100429 d--hs-- [21:33 28/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010042920100430 d--hs-- [21:39 29/04/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010043020100501 d--hs-- [03:35 01/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050120100502 d--hs-- [03:42 02/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050220100503 d--hs-- [03:55 03/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050420100505 d--hs-- [04:04 04/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050520100506 d--hs-- [22:46 05/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050620100507 d--hs-- [01:52 07/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050720100508 d--hs-- [03:41 08/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010050920100510 d--hs-- [19:37 09/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051020100511 d--hs-- [03:01 11/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051120100512 d--hs-- [03:12 12/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051320100514 d--hs-- [05:51 13/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051520100516 d--hs-- [18:00 15/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051620100517 d--hs-- [18:39 16/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051720100518 d--hs-- [18:48 17/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051820100519 d--hs-- [19:09 18/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010051920100520 d--hs-- [19:22 19/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052020100521 d--hs-- [19:36 20/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052120100522 d--hs-- [19:59 21/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052220100523 d--hs-- [20:27 22/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052320100524 d--hs-- [20:38 23/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052420100525 d--hs-- [20:49 24/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052520100526 d--hs-- [20:58 25/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052620100527 d--hs-- [21:16 26/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052720100528 d--hs-- [21:36 27/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052820100529 d--hs-- [21:41 28/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010052920100530 d--hs-- [22:07 29/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010053020100531 d--hs-- [22:15 30/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010053120100601 d--hs-- [22:15 31/05/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060120100602 d--hs-- [22:31 01/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060220100603 d--hs-- [22:38 02/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060320100604 d--hs-- [22:49 03/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060420100605 d--hs-- [22:50 04/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060520100606 d--hs-- [23:05 05/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060620100607 d--hs-- [23:24 06/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060720100608 d--hs-- [23:31 07/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060820100609 d--hs-- [23:54 08/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010060920100610 d--hs-- [00:18 10/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061020100611 d--hs-- [00:37 11/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061120100612 d--hs-- [00:59 12/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061220100613 d--hs-- [01:10 13/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061320100614 d--hs-- [02:21 14/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061520100616 d--hs-- [14:31 15/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061620100617 d--hs-- [15:33 16/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061720100618 d--hs-- [19:19 17/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061820100619 d--hs-- [19:31 18/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010061920100620 d--hs-- [19:45 19/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062120100622 d--hs-- [12:15 21/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062220100623 d--hs-- [12:27 22/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062320100624 d--hs-- [17:42 23/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062420100625 d--hs-- [17:50 24/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062520100626 d--hs-- [18:13 25/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062620100627 d--hs-- [18:36 26/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062720100628 d--hs-- [18:44 27/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010062820100629 d--hs-- [19:10 28/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010063020100701 d--hs-- [19:55 30/06/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070220100703 d--hs-- [04:25 02/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070320100704 d--hs-- [04:34 03/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070420100705 d--hs-- [04:54 04/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070520100706 d--hs-- [05:18 05/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070620100707 d--hs-- [05:38 06/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070720100708 d--hs-- [05:57 07/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070820100709 d--hs-- [06:42 08/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010070920100710 d--hs-- [07:10 09/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071020100711 d--hs-- [15:22 10/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071120100712 d--hs-- [17:26 11/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071220100713 d--hs-- [18:26 12/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071320100714 d--hs-- [18:46 13/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071420100715 d--hs-- [18:53 14/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071520100716 d--hs-- [21:14 15/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071620100717 d--hs-- [21:34 16/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071720100718 d--hs-- [22:20 17/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072020100721 d--hs-- [17:33 20/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072220100723 d--hs-- [18:21 22/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072320100724 d--hs-- [18:28 23/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072720100728 d--hs-- [17:13 27/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072820100729 d--hs-- [17:35 28/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072920100730 d--hs-- [17:57 29/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010073020100731 d--hs-- [18:27 30/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010073120100801 d--hs-- [19:39 31/07/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080120100802 d--hs-- [19:48 01/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080220100803 d--hs-- [19:54 02/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080320100804 d--hs-- [20:14 03/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080420100805 d--hs-- [20:33 04/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080520100806 d--hs-- [23:17 05/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080620100807 d--hs-- [23:23 06/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080720100808 d--hs-- [23:28 07/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080820100809 d--hs-- [23:32 08/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010080920100810 d--hs-- [23:58 09/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081020100811 d--hs-- [00:09 11/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081120100812 d--hs-- [00:28 12/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081220100813 d--hs-- [00:29 13/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081320100814 d--hs-- [00:44 14/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081420100815 d--hs-- [01:12 15/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081620100817 d--hs-- [09:58 16/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081620100823 d--hs-- [23:00 23/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010081720100818 d--hs-- [10:47 17/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082320100824 d--hs-- [23:00 23/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082420100825 d--hs-- [23:18 24/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082520100826 d--hs-- [00:08 26/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082720100828 d--hs-- [00:28 28/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082920100830 d--hs-- [16:38 29/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010083020100831 d--hs-- [16:46 30/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010083120100901 d--hs-- [21:09 31/08/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010090120100902 d--hs-- [22:37 01/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010090220100903 d--hs-- [23:28 02/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010090320100904 d--hs-- [23:53 03/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010090820100909 d--hs-- [08:46 08/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010090920100910 d--hs-- [17:19 09/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010091820100919 d--hs-- [15:31 18/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010092020100927 d--hs-- [00:31 28/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010092420100925 d--hs-- [22:44 24/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010092720100928 d--hs-- [00:31 28/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010092820100929 d--hs-- [00:52 29/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010092920100930 d--hs-- [01:01 30/09/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010093020101001 d--hs-- [03:35 01/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010100320101004 d--hs-- [15:52 03/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010100420101011 d--hs-- [00:27 13/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010101120101018 d--hs-- [16:56 19/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010101220101013 d--hs-- [00:27 13/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010101520101016 d--hs-- [22:47 15/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010101920101020 d--hs-- [16:56 19/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102020101021 d--hs-- [20:55 20/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102120101022 d--hs-- [20:56 21/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102220101023 d--hs-- [21:04 22/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102420101025 d--hs-- [17:00 24/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102620101027 d--hs-- [11:25 26/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102720101028 d--hs-- [21:07 27/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010102820101029 d--hs-- [23:53 28/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010103020101031 d--hs-- [12:10 30/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010103120101101 d--hs-- [14:09 31/10/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010110120101108 d--hs-- [23:18 08/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010110320101104 d--hs-- [03:29 04/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010110520101106 d--hs-- [03:49 06/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010110820101109 d--hs-- [23:18 08/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010110820101115 d--hs-- [23:36 16/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010110920101110 d--hs-- [23:44 09/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010111120101112 d--hs-- [02:41 12/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010111620101117 d--hs-- [23:36 16/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010111820101119 d--hs-- [03:19 19/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010112020101121 d--hs-- [06:08 20/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010112220101123 d--hs-- [02:17 23/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010112220101129 d--hs-- [22:44 30/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010113020101201 d--hs-- [22:44 30/11/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120120101202 d--hs-- [03:03 02/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120220101203 d--hs-- [03:04 03/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120620101207 d--hs-- [23:12 06/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120920101210 d--hs-- [02:16 10/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010121120101212 d--hs-- [04:08 12/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010121220101213 d--hs-- [04:39 13/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010121420101215 d--hs-- [06:56 14/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010121920101220 d--hs-- [02:19 20/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122020101221 d--hs-- [02:33 21/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122220101223 d--hs-- [17:26 22/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122320101224 d--hs-- [19:30 23/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122420101225 d--hs-- [19:51 24/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122620101227 d--hs-- [17:39 26/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122720101228 d--hs-- [17:55 27/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122820101229 d--hs-- [20:38 28/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010122920101230 d--hs-- [21:03 29/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010123020101231 d--hs-- [21:05 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010123120110101 d--hs-- [21:18 31/12/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files d--hs-- [04:54 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 d--hs-- [22:55 29/12/2009]
index.dat --ahs-- 32768 bytes [22:55 29/12/2009] [21:24 02/01/2012]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M d--hs-- [14:20 09/02/2011]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 d--hs-- [03:44 27/01/2011]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9K8A95JR d--hs-- [21:47 02/03/2010]

c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OO7O2R0T d--hs-- [23:41 16/02/2010]

c:\windows\system32\config\systemprofile\AppData\LocalLow d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\LocalLow\Microsoft d---s-- [04:55 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache d---s-- [04:55 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content d---s-- [04:57 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData d---s-- [04:55 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL d------ [00:15 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production d------ [00:15 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp d------ [00:15 30/12/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Speech d------ [17:27 23/05/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Speech\Files d------ [17:27 23/05/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons d------ [17:27 23/05/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs d---s-- [04:48 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Vault d------ [13:32 31/12/2010]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows d------ [04:54 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies d--hs-- [04:54 14/07/2009]
index.dat --ahs-- 16384 bytes [22:55 29/12/2009] [21:24 02/01/2012]

c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache d--hs-- [05:12 14/07/2009]

c:\windows\system32\config\systemprofile\AppData\Roaming\Sierra Wireless d------ [15:51 15/11/2011]

c:\windows\system32\config\systemprofile\AppData\Roaming\Sierra Wireless\Logs d------ [15:51 15/11/2011]
SwiCardDetectSvc.txt --a---- 4620 bytes [15:51 15/11/2011] [18:12 07/01/2012]

c:\windows\system32\config\systemprofile\Documents dr----- [22:19 09/01/2011]

c:\windows\system32\config\systemprofile\Favorites dr----- [04:16 14/02/2010]

c:\windows\system32\config\TxR d------ [03:20 14/07/2009]
{d5f92d39-6d9e-11e0-8ae1-806e6f6e6963}.TxR.3.regtrans-ms --ahs-- 5242880 bytes [01:16 06/08/2011] [18:11 07/01/2012]
{d5f92d39-6d9e-11e0-8ae1-806e6f6e6963}.TxR.blf --ahs-- 65536 bytes [11:43 23/04/2011] [18:11 07/01/2012]
{d5f92d3a-6d9e-11e0-8ae1-806e6f6e6963}.TM.blf --ahs-- 65536 bytes [11:43 23/04/2011] [18:11 07/01/2012]
{d5f92d3a-6d9e-11e0-8ae1-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms --ahs-- 524288 bytes [11:43 23/04/2011] [18:11 07/01/2012]

c:\windows\system32\cs-CZ d------ [03:20 14/07/2009]

c:\windows\system32\da-DK d------ [03:20 14/07/2009]

c:\windows\system32\de-DE d------ [03:20 14/07/2009]

c:\windows\system32\Dism d------ [03:20 14/07/2009]

c:\windows\system32\Dism\en-US d------ [05:37 14/07/2009]

c:\windows\system32\drivers d------ [03:20 14/07/2009]

c:\windows\system32\drivers\en-US d------ [05:37 14/07/2009]

c:\windows\system32\drivers\etc d------ [03:20 14/07/2009]
hosts --a---- 27 bytes [02:34 14/07/2009] [18:12 07/01/2012]

c:\windows\system32\drivers\UMDF d------ [03:20 14/07/2009]

c:\windows\system32\drivers\UMDF\en-US d------ [05:37 14/07/2009]

c:\windows\system32\DriverStore d------ [03:20 14/07/2009]

c:\windows\system32\DriverStore\en-US d------ [05:37 14/07/2009]

c:\windows\system32\DriverStore\FileRepository d------ [03:20 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\1394.inf_amd64_neutral_0b11366838152a76 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\61883.inf_amd64_neutral_a64d66bac757464c d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\acpipmi.inf_amd64_neutral_256ad642985694b3 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\adp94xx.inf_amd64_neutral_4928c8870f6a1577 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\adpu320.inf_amd64_neutral_4ea3d42a9839982a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\agp.inf_amd64_neutral_22cdceb61fbafb43 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_67db50590108ebd9 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\angel264.inf_amd64_neutral_04b54b6322607cce d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\angel64.inf_amd64_neutral_6bed16c93db1ccf3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\angelu64.inf_amd64_neutral_3d6079dd78127f5e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\arc.inf_amd64_neutral_11b52dec8e94d9aa d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\arcsas.inf_amd64_neutral_c763887719bed95d d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\avc.inf_amd64_neutral_3ef33c750e6308ce d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\averfx2swtv_noavin_x64.inf_amd64_neutral_86943dd17860e449 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\averhbh826_noaverir_x64.inf_amd64_neutral_2fe3b14136d6e46d d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\bda.inf_amd64_neutral_41c6262952846788 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\blbdrive.inf_amd64_neutral_1aa816fe7dc98c3f d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\brmfcumd.inf_amd64_neutral_db43b26810939b3e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\brmfport.inf_amd64_neutral_f41f35e5c21bc350 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\bthpan.inf_amd64_neutral_024281c0e4e954e2 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\bthprint.inf_amd64_neutral_3c11362fa327f5a4 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\bthspp.inf_amd64_neutral_1b15060bdfbd09e1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\circlass.inf_amd64_neutral_cf52485bed804e02 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\compositebus.inf_amd64_neutral_b9280780a8000d4b d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\crcdisk.inf_amd64_neutral_d10626d1f8b423c3 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\cxfalcon_ibv64.inf_amd64_neutral_d065aec3fcf4ec4e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\cxraptor_fm1216mk5_ibv64.inf_amd64_neutral_3eaae75b591bd148 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\dc21x4vm.inf_amd64_neutral_8887242a56ee027e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\display.inf_amd64_neutral_ea1c8215e52777a6 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\dot4.inf_amd64_neutral_b89cfac15ccb2fba d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\dot4prt.inf_amd64_neutral_e7d3f62d0d4411db d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_4ac220a6c52452a8 d------ [12:19 31/12/2011]

c:\windows\system32\DriverStore\FileRepository\eaphost.inf_amd64_neutral_4506dea11740c089 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\elxstor.inf_amd64_neutral_4263942b9dfe9077 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\faxcn001.inf_amd64_neutral_d23021a1eb548156 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\faxcn002.inf_amd64_neutral_3d392ccc357e04db d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\gameport.inf_amd64_neutral_fe5c4f29488f121e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hcw85b64.inf_amd64_neutral_22b436d5d06ab017 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hcw85c64.inf_amd64_neutral_96b71557b416d04a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hdaudbus.inf_amd64_neutral_4b99fffee061ff26 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\hdaudio.inf_amd64_neutral_ce7bc199c85ae0a0 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\hdaudss.inf_amd64_neutral_330a593eb888237c d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_9536aeb54771f335 d------ [17:14 24/11/2009]

c:\windows\system32\DriverStore\FileRepository\hidbth.inf_amd64_neutral_8a1323fc68ad84af d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hiddigi.inf_amd64_neutral_12aaf5742a9969da d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hidir.inf_amd64_neutral_5b48c4b1b49ca54a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hidirkbd.inf_amd64_neutral_2b561a02e977e2e3 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hpoa1nd.inf_amd64_neutral_cf39c48277e038de d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hpoa1so.inf_amd64_neutral_4f1a3f1015001339 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\hpsamd.inf_amd64_neutral_84ae149ecc9f8033 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\hp_2009.inf_amd64_neutral_52162ba53ba52c1b d------ [19:27 28/02/2010]

c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\iirsp.inf_amd64_neutral_25c14d33af7f54f1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\image.inf_amd64_neutral_4a983035eaabe2f4 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\ipmidrv.inf_amd64_neutral_1cb648411f252d13 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\iscsi.inf_amd64_neutral_2ef24e9270d8b2a9 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\jswpslwfx.inf_amd64_neutral_585bbf8ff0616ff3 d------ [22:49 21/04/2011]

c:\windows\system32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\ks.inf_amd64_neutral_2b583ce4a6a029a1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ksfilter.inf_amd64_neutral_86311fdf78a07678 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\lsismv64.inf_amd64_neutral_ae94b528647d2d1e d------ [17:16 24/11/2009]

c:\windows\system32\DriverStore\FileRepository\lsi_fc.inf_amd64_neutral_a7088f3644ca646a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\lsi_sas.inf_amd64_neutral_a4d6780f72cbd5b4 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\lsi_sas2.inf_amd64_neutral_e12a5c4cfbe49204 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\mchgr.inf_amd64_neutral_407146dba80d1566 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\mcx2.inf_amd64_neutral_8cf9cade8f7bba56 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdm3com.inf_amd64_neutral_11abcf129a29fb9f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdm5674a.inf_amd64_neutral_46f893a4f998bb46 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmadc.inf_amd64_neutral_62d6e6995428f9d0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmags64.inf_amd64_neutral_e68956e24e287714 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmairte.inf_amd64_neutral_0feacd08cb9c7fe3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_neutral_77e515342bd572cc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmaiwa4.inf_amd64_neutral_6e97842bb8d9e6a8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmarch.inf_amd64_neutral_4261401e3170ebfb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmarn.inf_amd64_neutral_fa693d8797766f49 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmati.inf_amd64_neutral_ded8f26cdee953c3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmatm2k.inf_amd64_neutral_64a8fb018ead55a7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmaus.inf_amd64_neutral_5fa4270b9924b918 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr002.inf_amd64_neutral_ce2134188ab21f59 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr004.inf_amd64_neutral_ccf1bc353e588fe1 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr005.inf_amd64_neutral_d140721f97061bba d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr006.inf_amd64_neutral_40c76453575b1208 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr007.inf_amd64_neutral_91d259640bad7d26 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr008.inf_amd64_neutral_2cedaac353c381da d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbsb.inf_amd64_neutral_56a9f6bceeec7f72 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbug3.inf_amd64_neutral_7617862a9cc286da d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmc26a.inf_amd64_neutral_547edd894d7c19d9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcdp.inf_amd64_neutral_170c11f3a6d3f0a8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcom1.inf_amd64_neutral_96c22c683482d8bd d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcommu.inf_amd64_neutral_83cc415156be45c8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\mdmcpq2.inf_amd64_neutral_e9784021af1f5e24 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdcm5.inf_amd64_neutral_0bb09f3e5a59f3a8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdf56f.inf_amd64_neutral_26a79521b746fc31 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdgitn.inf_amd64_neutral_09132735f1063a47 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdp2.inf_amd64_neutral_ab710894455d7b9a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdsi.inf_amd64_neutral_e77f438012239042 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmdyna.inf_amd64_neutral_7e4d690d07ee94c1 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmeiger.inf_amd64_neutral_492d4e047d14bde9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmelsa.inf_amd64_neutral_374f9d31af832d6b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmetech.inf_amd64_neutral_230358eeb58f0b3b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmfj2.inf_amd64_neutral_9c9eb67d406a1632 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgcs.inf_amd64_neutral_aafcd45e4e890862 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgen.inf_amd64_neutral_7a967d06d569b1e4 d------ [05:31 14/07/2009]

#10 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 07 January 2012 - 03:37 PM

c:\windows\system32\DriverStore\FileRepository\mdmgl001.inf_amd64_neutral_9209e816461a1a73 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl002.inf_amd64_neutral_e204d4267d752eb7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl003.inf_amd64_neutral_4c78da9e48068043 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl004.inf_amd64_neutral_1874f16002601f78 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl006.inf_amd64_neutral_e5693eb731048022 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl007.inf_amd64_neutral_935cd017fcb965ee d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl008.inf_amd64_neutral_d225e15af1a594cd d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl009.inf_amd64_neutral_bed6224f27f5c478 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgl010.inf_amd64_neutral_46f466c9e68abb4a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmgsm.inf_amd64_neutral_dd3fbd8c64c7c87d d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmhaeu.inf_amd64_neutral_6611a858035bf482 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmhandy.inf_amd64_neutral_386661b46df6da3f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmhay2.inf_amd64_neutral_ff250f861d941dd8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmhayes.inf_amd64_neutral_507db5d34d7acddc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmiodat.inf_amd64_neutral_839e9ee1a8736613 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmirmdm.inf_amd64_neutral_fadec14b0a37b637 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmisdn.inf_amd64_neutral_061c61abd3904560 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmke.inf_amd64_neutral_3e4daa83122b1559 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmkortx.inf_amd64_neutral_1975687236603184 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmlasno.inf_amd64_neutral_c86d5b5e5fa8b48a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmc288.inf_amd64_neutral_c4a901dab689ad79 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmcd.inf_amd64_neutral_49212f5920298e45 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmcom.inf_amd64_neutral_716a306ec3899e04 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmega.inf_amd64_neutral_f9c441ed24f00358 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmetri.inf_amd64_neutral_f89b8a357327f615 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_neutral_10affee00545fb45 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmhzel.inf_amd64_neutral_1292ec506cfc26db d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmminij.inf_amd64_neutral_7c300346e830b2dc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmod.inf_amd64_neutral_5766736c47b90fff d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmoto1.inf_amd64_neutral_bf4b404852955eb4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmotou.inf_amd64_neutral_eb1d978f38f35bca d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmmts.inf_amd64_neutral_b7f0a8d5f67c19e8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmneuhs.inf_amd64_neutral_d1563e8412461eea d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnis1u.inf_amd64_neutral_15011483bd8465c4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnis2u.inf_amd64_neutral_de46607a02fe2552 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnis5t.inf_amd64_neutral_6c50ee5cb1ea2780 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnova.inf_amd64_neutral_b52d8db82d8c3be9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmntt1.inf_amd64_neutral_ecf5cff2236b273a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnttd2.inf_amd64_neutral_9dcd97ab7a913b7a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnttd6.inf_amd64_neutral_ce587aa61510da51 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnttme.inf_amd64_neutral_ece4b1cc5aee6a38 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnttp.inf_amd64_neutral_18b899bdc8a755fa d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnttp2.inf_amd64_neutral_d218c42ac8635704 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmnttte.inf_amd64_neutral_16d100fb6ba2e40f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmolic.inf_amd64_neutral_a53ac1a125d227fc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmomrn3.inf_amd64_neutral_a87289088ec2cdf1 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmosi.inf_amd64_neutral_932d048a735b47c2 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmpace.inf_amd64_neutral_f5caca1789a3c28b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmpenr.inf_amd64_neutral_34624840c3163a38 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmpin.inf_amd64_neutral_2415474b9db0a888 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmpn1.inf_amd64_neutral_e44cc033b67e7d04 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmpp.inf_amd64_neutral_a9cb77fe1985cd2c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmracal.inf_amd64_neutral_857b8ff74e5a7073 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmrock.inf_amd64_neutral_2ec26aaad7a9d419 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmrock3.inf_amd64_neutral_9fdc5d710dd63e80 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmrock4.inf_amd64_neutral_e45293c539584293 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmrock5.inf_amd64_neutral_cadd97421d121ebb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsier.inf_amd64_neutral_622ad8125bbeeda8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsii64.inf_amd64_neutral_d7409fccc5ef4078 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsmart.inf_amd64_neutral_829e8c7d1c8d5207 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsun1.inf_amd64_neutral_6184912bd8e5b438 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsun2.inf_amd64_neutral_242c76ad2e288fb4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsupr3.inf_amd64_neutral_8416bd6e64a8e858 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsupra.inf_amd64_neutral_c4fe81ea47c6df87 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmsuprv.inf_amd64_neutral_31d10a1a73b4feaa d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdk.inf_amd64_neutral_e567adb271831b5d d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_neutral_0cf7696e2236ca4e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdkj3.inf_amd64_neutral_7e1053ab483310f6 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_neutral_c150a510c4b85ce7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_neutral_15940559c66fe8d9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_neutral_8087946c82068597 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_neutral_7c21481229e1e66c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtexas.inf_amd64_neutral_7572473d88d69307 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmti.inf_amd64_neutral_4443b423d18c3ffc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtkr.inf_amd64_neutral_8e3809aa77440c37 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmtron.inf_amd64_neutral_1121c7f92e9e3001 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmusrf.inf_amd64_neutral_439e7d1dcac00aca d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmusrg.inf_amd64_neutral_814744dd97ccf09f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmusrgl.inf_amd64_neutral_d42522943de68905 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmusrk1.inf_amd64_neutral_19cdebd3e1182874 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmusrsp.inf_amd64_neutral_a44611db70783ded d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmvdot.inf_amd64_neutral_714bc6a3a28b9f0f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmwhql0.inf_amd64_neutral_23613e3dd9401f10 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmx5560.inf_amd64_neutral_e853cea0022c059a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmzoom.inf_amd64_neutral_dd07287cee791f3c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmzyp.inf_amd64_neutral_b64bd08009e7444f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmzyxel.inf_amd64_neutral_ed1f16b3d0cae908 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_neutral_14f9249844f1cf17 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\megasas.inf_amd64_neutral_395276dd9b7a7448 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\megasas2.inf_amd64_neutral_599d713507780ed4 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\megasr.inf_amd64_neutral_30b367f92ca46598 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\memory.inf_amd64_neutral_c2d2c213c3138487 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mf.inf_amd64_neutral_b263d46928b97a9b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\modemcsa.inf_amd64_neutral_b64a610f1f09f267 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\monitor.inf_amd64_neutral_ab477c4d805d044f d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mpio.inf_amd64_neutral_0c74c0f95001b61c d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\msclmd.inf_amd64_neutral_413d17c790177eef d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\msdri.inf_amd64_neutral_86bb50f34c49ae71 d------ [07:43 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\msdsm.inf_amd64_neutral_be2b348981b2ef17 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mstape.inf_amd64_neutral_c2bb3ef1c45cd5a1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\mtconfig.inf_amd64_neutral_4de24f49b5e60c45 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\multiprt.inf_amd64_neutral_988a34fc912eab54 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net1kx64.inf_amd64_neutral_1f62482fbb9e52a5 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net1qx64.inf_amd64_neutral_85d10fa4c777b7be d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net1yx64.inf_amd64_neutral_ed16756f950857e8 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net44amd.inf_amd64_neutral_db76873d4261eb11 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net8185.inf_amd64_neutral_4ab014d645098f5f d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net8187bv64.inf_amd64_neutral_d9eee378245b3b8b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\net8187se64.inf_amd64_neutral_c239ab5d36a3b3e9 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netathrx.inf_amd64_neutral_905772087ff288af d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netb57va.inf_amd64_neutral_6264e97d4fc12211 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netbc664.inf_amd64_neutral_673d3dfb961e9b17 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netbvbda.inf_amd64_neutral_2bfa4ea57bd5d74a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netbxnda.inf_amd64_neutral_c81780c5dcabd0a0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\nete1e3e.inf_amd64_neutral_f77725472d91b1d1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\nete1g3e.inf_amd64_neutral_7f08406e40c6ede2 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netefe3e.inf_amd64_neutral_b71dd3dadc5c3e27 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netevbda.inf_amd64_neutral_bab421df9c31cc81 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netg664.inf_amd64_neutral_b4e8ccc6ba210e97 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netimm.inf_amd64_neutral_9b64397618841a19 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netirda.inf_amd64_neutral_93a886f96cea2847 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netk57a.inf_amd64_neutral_8b26ad5d0cc037a9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netl160a.inf_amd64_neutral_f8bdd2cbac28a8fd d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netl1c64.inf_amd64_neutral_30b0b06f47cab8cf d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netl1e64.inf_amd64_neutral_22118b1072f57433 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netl260a.inf_amd64_neutral_085226e1dfe76c55 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netloop.inf_amd64_neutral_856142fd87f1c21a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netmyk00.inf_amd64_neutral_9c0c35afdddc16d2 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netnvm64.inf_amd64_neutral_59c2a018fe2cf0b4 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netnvma.inf_amd64_neutral_99bb33c9a5bedaea d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netr28ux.inf_amd64_neutral_54f2470c084714e1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c86d6d5c3810fc04 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netr7364.inf_amd64_neutral_68988e550e69a417 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_4c56d83f6e4d75b0 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netrtx64.inf_amd64_neutral_410e89ed86071c9b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\nettun.inf_amd64_neutral_bd24fb174fabec97 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netvfx64.inf_amd64_neutral_194cb6d2ea3a486e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netvg62a.inf_amd64_neutral_5817ae5135655364 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netvwifibus.inf_amd64_neutral_9d0740f32ce81d24 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netw5v64.inf_amd64_neutral_a6b778ba802632cc d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netxex64.inf_amd64_neutral_77b02fd738dca150 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\netxfx64.inf_amd64_neutral_3336ecb2950fdc45 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\nfrd960.inf_amd64_neutral_cfc8c0013e9ede68 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\nulhpopr.inf_amd64_neutral_e078ec466987bb3b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\nvae.inf_amd64_neutral_eba6690de81d9ee5 d------ [22:50 29/12/2009]

c:\windows\system32\DriverStore\FileRepository\nvfd6264.inf_amd64_neutral_eeb50b492f3a90fd d------ [17:09 24/11/2009]

c:\windows\system32\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f d------ [12:40 22/06/2011]

c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\nvstor64.inf_amd64_neutral_a1edb7ec78eeae65 d------ [17:09 24/11/2009]

c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a54ca838cecfddb2 d------ [19:16 28/02/2010]

c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9 d------ [12:41 22/06/2011]

c:\windows\system32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\pcmcia.inf_amd64_neutral_1678e66e0cbb04b2 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc0.inf_amd64_neutral_c24bcc939e6dfc23 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc1.inf_amd64_neutral_662220c3016bb4d0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc10.inf_amd64_neutral_2c5d0c618dbfaf2a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc11.inf_amd64_neutral_bb18e5f134c40c68 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc12.inf_amd64_neutral_ff7295ba5a46d63f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc2.inf_amd64_neutral_7621f5d62d77f42e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc3.inf_amd64_neutral_1da6abc36a79974f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc5.inf_amd64_neutral_2270382453de2dbb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc6.inf_amd64_neutral_2818f7b3b62bdd39 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc7.inf_amd64_neutral_348f512722c79525 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph6xib64c0.inf_amd64_neutral_a43df8f7441e1c61 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ph6xib64c1.inf_amd64_neutral_68c99681343e9b68 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr002.inf_amd64_neutral_db1d8c9efda9b3c0\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr003.inf_amd64_neutral_dff45d1d0df04caf\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr004.inf_amd64_neutral_a78e168d6944619a\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr007.inf_amd64_neutral_add2acf1d573aef0\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr008.inf_amd64_neutral_0540370b0b1e348e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr008.inf_amd64_neutral_0540370b0b1e348e\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr009.inf_amd64_neutral_fd2ac5b9c40bd465\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr00a.inf_amd64_neutral_e7f3f91e6832ef5c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnbr00a.inf_amd64_neutral_e7f3f91e6832ef5c\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca003.inf_amd64_neutral_8e91d4aa9330d2f8\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00f.inf_amd64_neutral_777b6911d18869b7\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00i.inf_amd64_neutral_09ff5ee0a0cf0233 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00i.inf_amd64_neutral_09ff5ee0a0cf0233\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00y.inf_amd64_neutral_64560c72e81f6ad7\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep004.inf_amd64_neutral_63b22bfb6b93eaba\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep005.inf_amd64_neutral_f2fbc5759618d8fb\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00c.inf_amd64_neutral_f0d9ddf52f04765c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00c.inf_amd64_neutral_f0d9ddf52f04765c\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00e.inf_amd64_neutral_edc631ff41a34218\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00f.inf_amd64_neutral_a5f6001b957bd7e0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00f.inf_amd64_neutral_a5f6001b957bd7e0\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00g.inf_amd64_neutral_2926840e245f88f6\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnfx002.inf_amd64_neutral_b6dd354531184f64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnfx002.inf_amd64_neutral_b6dd354531184f64\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnge001.inf_amd64_neutral_cfffa4143b3c4592\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prngt002.inf_amd64_neutral_df2060d80de9ff13\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prngt003.inf_amd64_neutral_8c9aae54a5673a35 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prngt003.inf_amd64_neutral_8c9aae54a5673a35\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prngt004.inf_amd64_neutral_f5bf8a7ba9dfff55\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnhp005.inf_amd64_neutral_914d6c300207814f\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnin003.inf_amd64_neutral_3a3c6293d0cda862 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnin003.inf_amd64_neutral_3a3c6293d0cda862\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm004.inf_amd64_neutral_d2aee42dc9c393ea\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky005.inf_amd64_neutral_8836be987024e6a9\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky006.inf_amd64_neutral_522043c34551b0c0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky006.inf_amd64_neutral_522043c34551b0c0\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnle002.inf_amd64_neutral_c7564163ba063094\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx004.inf_amd64_neutral_2cf95f307381e481\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx008.inf_amd64_neutral_75545721835fd863\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx009.inf_amd64_neutral_d4b76afd08f308fb\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00b.inf_amd64_neutral_89b555703683b583\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00d.inf_amd64_neutral_ce7a0b4e23e432ad\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00e.inf_amd64_neutral_0a4797d9b127d3a7\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00v.inf_amd64_neutral_86ff307c66080d00\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00x.inf_amd64_neutral_808baf4e08594a59\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00y.inf_amd64_neutral_977318f2317f5ddd d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00y.inf_amd64_neutral_977318f2317f5ddd\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnlx00z.inf_amd64_neutral_aea50acf04a2db1d\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9b214cd9b78760aa d------ [04:57 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnms001.inf_amd64_neutral_9fe8503f82ce60fa d------ [01:20 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\prnms002.inf_amd64_neutral_d834e48846616289\Amd64 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnnr002.inf_amd64_neutral_37896c5e81c8d488\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnnr003.inf_amd64_neutral_c07c33bfb5764bdb\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnod002.inf_amd64_neutral_a10c656b6c7c053c\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnok002.inf_amd64_neutral_616c1e9b7df7d5a9\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc004.inf_amd64_neutral_bbd3435eeaf576ee\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc005.inf_amd64_neutral_31e08a1c2f933124 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc005.inf_amd64_neutral_31e08a1c2f933124\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc006.inf_amd64_neutral_7e12a60cc98d3f89\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnso002.inf_amd64_neutral_c3b7ce4e6f71641f\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsv003.inf_amd64_neutral_1e0c4fbb9b11b015\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnsv004.inf_amd64_neutral_fc4526bbfbd5feb1\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\prnxx002.inf_amd64_neutral_560fdd891b24f384\Amd64 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\qd3x64.inf_amd64_neutral_e8903726d63a3f07 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ql2300.inf_amd64_neutral_ca8487daf77ff7cb d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ql40xx.inf_amd64_neutral_77a826e5c0a07842 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ramdisk.inf_amd64_neutral_798b5d4dd3f22a07 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\rawsilo.inf_amd64_neutral_8eb7e6403ddbb7a8 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\rdpbus.inf_amd64_neutral_3b741ca76444b9c3 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ricoh.inf_amd64_neutral_66b4504d1fb1c857 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\rndiscmp.inf_amd64_neutral_4ca64d28e1be8fa9 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\sbp2.inf_amd64_neutral_332943647e950ada d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\scrawpdo.inf_amd64_neutral_4c228493af8567bb d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\scrswi.inf_amd64_neutral_fecbb4e64d1891d9 d------ [15:50 15/11/2011]

c:\windows\system32\DriverStore\FileRepository\scsidev.inf_amd64_neutral_a7f5d9f34b621dca d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_735aa3b5ee832f62 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_neutral_1c5bc8e71eb90127 d------ [07:43 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\sisraid2.inf_amd64_neutral_845e008c32615283 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\sisraid4.inf_amd64_neutral_65ab84e9830f6f4b d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\stexstor.inf_amd64_neutral_80ee226e29362f51 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\swiwdmbus.inf_amd64_neutral_6357ac2064266204 d------ [15:51 15/11/2011]

c:\windows\system32\DriverStore\FileRepository\swnc8u00.inf_amd64_neutral_937e52266d366738 d------ [15:50 15/11/2011]

c:\windows\system32\DriverStore\FileRepository\swumdm00.inf_amd64_neutral_f447bfca8485dc4f d------ [15:50 15/11/2011]

c:\windows\system32\DriverStore\FileRepository\swuser00.inf_amd64_neutral_571e43d4a4043237 d------ [15:50 15/11/2011]

c:\windows\system32\DriverStore\FileRepository\swuusb00.inf_amd64_neutral_9bfc10b2c0855533 d------ [15:50 15/11/2011]

c:\windows\system32\DriverStore\FileRepository\tape.inf_amd64_neutral_c6a6811d3d827dba d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\tdibth.inf_amd64_neutral_6ad685957123daf1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\amd64 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\amd64 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_neutral_d0615d6fd67bad03 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\ts_generic.inf_amd64_neutral_1a5c861fdb3aab0e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_neutral_daa64ca27846aa23 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\umpass.inf_amd64_neutral_e3be362bfab667d2 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\unknown.inf_amd64_neutral_5eb6ac70dd1a3ad0 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\usbcir.inf_amd64_neutral_379fb0c62496be6e d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\vhdmp.inf_amd64_neutral_c3910bbf4fbccf97 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\v_mscdsc.inf_amd64_neutral_8b1e6b55729c3283 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wave.inf_amd64_neutral_7a0a0b166f55e1aa d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wceisvista.inf_amd64_neutral_3500779911f7f3ca d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wdma_usb.inf_amd64_neutral_7bb325bca8ea1218 d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\wiabr002.inf_amd64_neutral_b4ea26a49ad66560 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr004.inf_amd64_neutral_b1d90b3749c5e6a6 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr006.inf_amd64_neutral_0232ca4f23224d01 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr007.inf_amd64_neutral_442d902f3f3dd5b7 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr008.inf_amd64_neutral_27d1c9a28eac4eed d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr009.inf_amd64_neutral_2d7b3edfda95df40 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiabr00a.inf_amd64_neutral_6033065925bcc882 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00a.inf_amd64_neutral_163313056d8f34ab d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00b.inf_amd64_neutral_1aaa057d3d52ea43 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00c.inf_amd64_neutral_27f4ad26fea72eb1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00d.inf_amd64_neutral_2c3623fa97b0c28e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00e.inf_amd64_neutral_5a376e6a7cb007d5 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00f.inf_amd64_neutral_f7f7e179d99acc58 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaca00i.inf_amd64_neutral_de104aaa48ee4b00 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiacn001.inf_amd64_neutral_b7a0b2f53d745b5a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaep002.inf_amd64_neutral_0a982dec66379cb0 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaep003.inf_amd64_neutral_c2a98813147bf34e d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiahp001.inf_amd64_neutral_aee49cdf3b352e58 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaky002.inf_amd64_neutral_b898f5982403f3cb d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wialx002.inf_amd64_neutral_71f4aacee1aa9f06 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wialx003.inf_amd64_neutral_db618863f9347f9a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wialx004.inf_amd64_neutral_0a3a62ae6ed43127 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wialx005.inf_amd64_neutral_5304c93e2193f237 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wialx006.inf_amd64_neutral_ae607a72b46f9cfc d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiasa002.inf_amd64_neutral_6429a42f1243419a d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wiaxx002.inf_amd64_neutral_fbe080a7dd77c4a3 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\windowssideshowenhanceddriver.inf_amd64_neutral_184a2ef2a8f57c33 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\winusb.inf_amd64_neutral_6cb50ae9f480775b d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\wpdcomp.inf_amd64_neutral_11bbf54c8508434e d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\wpdfs.inf_amd64_neutral_fc4ebadff3a40ae4 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wpdmtp.inf_amd64_neutral_28f06ca2e38e8979 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wpdmtphw.inf_amd64_neutral_a7a22bb0bb81abb0 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wsdprint.inf_amd64_neutral_f91980f20f3112ed d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wsdscdrv.inf_amd64_neutral_47406488f9e8d5b8 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_neutral_adc3e4acb1046b4b d------ [01:14 06/08/2011]

c:\windows\system32\DriverStore\FileRepository\xcbdav.inf_amd64_neutral_cf80e4da1c95e6e2 d------ [05:31 14/07/2009]

c:\windows\system32\DriverStore\FileRepository\xnacc.inf_amd64_neutral_13c4e272a96185a1 d------ [05:30 14/07/2009]

c:\windows\system32\DriverStore\Temp d------ [04:57 14/07/2009]

c:\windows\system32\DriverStore\Temp\{522f6bf6-ae20-0f66-d982-a746d010852a} d------ [04:57 14/07/2009]

c:\windows\system32\DriverStore\Temp\{66d0a369-9ad5-293e-fc6d-ed5d94a83e40} d------ [22:50 29/12/2009]

c:\windows\system32\DRVSTORE d----c- [07:53 20/01/2011]

c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE d----c- [07:53 20/01/2011]

c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64 d----c- [07:53 20/01/2011]

c:\windows\system32\el-GR d------ [03:20 14/07/2009]

c:\windows\system32\en d------ [05:37 14/07/2009]

c:\windows\system32\en-US d------ [03:20 14/07/2009]

c:\windows\system32\en-US\Licenses d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\Enterprise d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\EnterpriseE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\EnterpriseN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\HomeBasic d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\HomeBasicE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\HomeBasicN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\HomePremium d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\HomePremiumE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\HomePremiumN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\Professional d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\ProfessionalE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\ProfessionalN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\Starter d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\StarterE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\StarterN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\Ultimate d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\UltimateE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\eval\UltimateN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\Enterprise d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\EnterpriseE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\EnterpriseN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\HomeBasic d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\HomeBasicE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\HomeBasicN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\HomePremium d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\HomePremiumE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\HomePremiumN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\Professional d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\ProfessionalE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\ProfessionalN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\Starter d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\StarterE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\StarterN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\Ultimate d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\UltimateE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\OEM\UltimateN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\Enterprise d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\EnterpriseE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\EnterpriseN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\HomeBasic d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\HomeBasicE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\HomeBasicN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\HomePremium d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\HomePremiumE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\HomePremiumN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\Professional d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\ProfessionalE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\ProfessionalN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\Starter d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\StarterE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\StarterN d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\Ultimate d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\UltimateE d------ [05:37 14/07/2009]

c:\windows\system32\en-US\Licenses\_Default\UltimateN d------ [05:37 14/07/2009]

c:\windows\system32\es-ES d------ [03:20 14/07/2009]

c:\windows\system32\et-EE d------ [03:20 14/07/2009]

c:\windows\system32\EventProviders d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\ar-sa d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\bg-bg d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\cs-cz d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\da-dk d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\de-de d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\el-gr d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\en-us d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\es-es d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\et-ee d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\fi-fi d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\fr-fr d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\he-il d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\hr-hr d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\hu-hu d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\it-it d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\ja-jp d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\ko-kr d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\lt-lt d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\lv-lv d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\nb-no d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\nl-nl d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\pl-pl d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\pt-br d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\pt-pt d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\ro-ro d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\ru-ru d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\sk-sk d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\sl-si d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\sr-latn-cs d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\sv-se d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\th-th d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\tr-tr d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\uk-ua d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\zh-cn d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\zh-hk d------ [00:53 06/08/2011]

c:\windows\system32\EventProviders\zh-tw d------ [00:53 06/08/2011]

c:\windows\system32\fi-FI d------ [03:20 14/07/2009]

c:\windows\system32\fr-FR d------ [03:20 14/07/2009]

c:\windows\system32\FxsTmp d------ [05:32 14/07/2009]

c:\windows\system32\GroupPolicy d--h--- [03:20 14/07/2009]

c:\windows\system32\GroupPolicy\Machine d------ [19:08 30/12/2010]

c:\windows\system32\GroupPolicy\User d------ [19:08 30/12/2010]

c:\windows\system32\GroupPolicyUsers d--h--- [03:20 14/07/2009]

c:\windows\system32\he-IL d------ [03:20 14/07/2009]

c:\windows\system32\hr-HR d------ [03:20 14/07/2009]

c:\windows\system32\hu-HU d------ [03:20 14/07/2009]

c:\windows\system32\ias d------ [03:20 14/07/2009]

c:\windows\system32\icsxml d------ [03:20 14/07/2009]

c:\windows\system32\IME d------ [03:20 14/07/2009]

c:\windows\system32\IME\IMEJP10 d------ [03:20 14/07/2009]

c:\windows\system32\IME\IMEJP10\APPLETS d------ [03:20 14/07/2009]

c:\windows\system32\IME\imekr8 d------ [03:20 14/07/2009]

c:\windows\system32\IME\imekr8\applets d------ [03:20 14/07/2009]

c:\windows\system32\IME\imekr8\dicts d------ [03:20 14/07/2009]

c:\windows\system32\IME\IMESC5 d------ [03:20 14/07/2009]

c:\windows\system32\IME\IMESC5\applets d------ [03:20 14/07/2009]

c:\windows\system32\IME\IMETC10 d------ [03:20 14/07/2009]

c:\windows\system32\IME\IMETC10\applets d------ [03:20 14/07/2009]

c:\windows\system32\IME\shared d------ [03:20 14/07/2009]

c:\windows\system32\IME\shared\res d------ [03:20 14/07/2009]

c:\windows\system32\inetsrv d------ [03:20 14/07/2009]

c:\windows\system32\inetsrv\config d------ [23:27 04/01/2011]

c:\windows\system32\inetsrv\config\Export d------ [23:27 04/01/2011]

c:\windows\system32\inetsrv\config\schema d------ [23:27 04/01/2011]

c:\windows\system32\inetsrv\en-US d------ [23:27 04/01/2011]

c:\windows\system32\it-IT d------ [03:20 14/07/2009]

c:\windows\system32\ja-JP d------ [03:20 14/07/2009]

c:\windows\system32\ko-KR d------ [03:20 14/07/2009]

c:\windows\system32\LogFiles d------ [03:20 14/07/2009]

c:\windows\system32\LogFiles\AIT d---s-- [03:20 14/07/2009]

c:\windows\system32\LogFiles\Fax d------ [05:32 14/07/2009]

c:\windows\system32\LogFiles\Fax\Incoming d------ [05:32 14/07/2009]

c:\windows\system32\LogFiles\Fax\Outgoing d------ [05:32 14/07/2009]

c:\windows\system32\LogFiles\Firewall d------ [03:20 14/07/2009]

c:\windows\system32\LogFiles\HTTPERR d------ [18:53 13/02/2010]
httperr1.log --a---- 90110 bytes [18:53 13/02/2010] [02:37 03/01/2012]

c:\windows\system32\LogFiles\Scm d------ [04:45 14/07/2009]
044a6734-e90e-4f8f-b357-b2dc8ab3b5ec --a---- 20 bytes [05:08 14/07/2009] [15:50 01/01/2012]
2470470f-2634-478e-b181-571e98a789bb --a---- 12 bytes [05:08 14/07/2009] [18:12 07/01/2012]
2f57269b-1e09-4e2d-ab1e-b0fdac7d279c --a---- 20 bytes [05:08 14/07/2009] [16:20 07/01/2012]
396f25fa-d81c-452a-ab99-b5e5c5267c43 --a---- 12 bytes [17:04 24/11/2009] [18:12 07/01/2012]
47536d45-eeec-4bdc-8183-a4dc1f8da9e4 --a---- 20 bytes [05:08 14/07/2009] [01:13 06/01/2012]
4c8b01a2-11ff-4c41-848f-508ef4f00cf7 --a---- 12 bytes [05:08 14/07/2009] [18:12 07/01/2012]
5c0aeeea-c154-45be-8499-bea5f11baff6 --a---- 20 bytes [05:08 14/07/2009] [15:10 04/01/2012]
5f5a18eb-dc73-4e45-a11c-b59043598412 --a---- 12 bytes [05:08 14/07/2009] [18:12 07/01/2012]
76dc446b-8bd2-4da8-9cbb-07b7f6733011 --a---- 20 bytes [18:20 07/01/2012] [18:20 07/01/2012]
7afcc0ca-7121-422a-ab45-b0e8d599ff08 --a---- 12 bytes [05:08 14/07/2009] [18:12 07/01/2012]
9435f817-fed2-454e-88cd-7f78fda62c48 --a---- 20 bytes [05:08 14/07/2009] [16:20 07/01/2012]
994c86ad-a929-4b2c-88a0-4e25a107a029 --a---- 20 bytes [05:08 14/07/2009] [13:44 07/01/2012]
a7c73732-9f11-4281-8d19-764d4ec9d94d --a---- 20 bytes [05:08 14/07/2009] [13:44 07/01/2012]
ac4e5acf-89f7-4220-ba21-81ee183975e2 --a---- 20 bytes [05:08 14/07/2009] [13:44 07/01/2012]
be669c13-8165-4536-96d0-6d6c39292aae --a---- 20 bytes [05:08 14/07/2009] [16:05 02/01/2012]
c016366b-7126-46ca-b36b-592a3d95a60b --a---- 12 bytes [05:08 14/07/2009] [19:00 07/01/2012]
cee70a16-05f4-497d-aa47-388491d3dd60 --a---- 20 bytes [13:10 06/08/2011] [13:44 07/01/2012]
d0250f3f-6480-484f-b719-42f659ac64d5 --a---- 12 bytes [05:08 14/07/2009] [18:25 07/01/2012]
d7b6e81d-3cf4-432c-84d2-24213f4316e6 --a---- 20 bytes [05:08 14/07/2009] [13:44 07/01/2012]
da41de71-8431-42fb-9db0-eb64a961dead --a---- 20 bytes [05:08 14/07/2009] [15:50 01/01/2012]
eaca24ff-236c-401d-a1e7-b3d5267b8a50 --a---- 12 bytes [05:08 14/07/2009] [20:05 07/01/2012]
eb02381f-d652-4b1c-894a-712498c62c51 --a---- 20 bytes [05:08 14/07/2009] [13:44 07/01/2012]
fdd56c73-f0d5-41b6-b767-6effd7966428 --a---- 20 bytes [05:08 14/07/2009] [13:44 07/01/2012]

c:\windows\system32\LogFiles\SQM d------ [04:49 14/07/2009]

c:\windows\system32\LogFiles\Srt d------ [03:17 15/06/2010]

c:\windows\system32\LogFiles\Windows Portable Devices d------ [05:32 14/07/2009]

c:\windows\system32\LogFiles\WMI d------ [03:20 14/07/2009]

c:\windows\system32\LogFiles\WMI\RtBackup d------ [03:20 14/07/2009]

c:\windows\system32\LogFiles\WUDF d------ [03:20 14/07/2009]
WUDFTrace.etl ------- 4096 bytes [17:03 24/11/2009] [18:12 07/01/2012]

c:\windows\system32\lt-LT d------ [03:20 14/07/2009]

c:\windows\system32\lv-LV d------ [03:20 14/07/2009]

c:\windows\system32\manifeststore d------ [03:20 14/07/2009]

c:\windows\system32\Microsoft d---s-- [04:45 14/07/2009]

c:\windows\system32\Microsoft\Protect d---s-- [04:45 14/07/2009]

c:\windows\system32\Microsoft\Protect\Recovery d---s-- [02:33 13/02/2010]

c:\windows\system32\Microsoft\Protect\S-1-5-18 d---s-- [04:45 14/07/2009]

c:\windows\system32\Microsoft\Protect\S-1-5-18\User d---s-- [04:45 14/07/2009]

c:\windows\system32\Microsoft\Protect\S-1-5-19 d---s-- [02:25 13/02/2010]

c:\windows\system32\Microsoft\Protect\S-1-5-20 d---s-- [16:59 21/02/2010]

c:\windows\system32\migration d------ [03:20 14/07/2009]

c:\windows\system32\migration\en-US d------ [05:37 14/07/2009]

c:\windows\system32\migration\WSMT d------ [01:15 06/08/2011]

c:\windows\system32\migration\WSMT\rras d------ [01:15 06/08/2011]

c:\windows\system32\migration\WSMT\rras\dlmanifests d------ [01:15 06/08/2011]

c:\windows\system32\migration\WSMT\rras\dlmanifests\Microsoft-Windows-RasServer-MigPlugin d------ [01:15 06/08/2011]

c:\windows\system32\migration\WSMT\rras\replacementmanifests d------ [01:15 06/08/2011]

c:\windows\system32\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin d------ [01:15 06/08/2011]

c:\windows\system32\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin d------ [01:15 06/08/2011]

c:\windows\system32\migwiz d------ [03:20 14/07/2009]

c:\windows\system32\migwiz\dlmanifests d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\BITSExtensions-Server d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-IE-ESC d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-IIS-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-NDIS d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-RasApi d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-shmig-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-StorageMigration d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-Sxs d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TapiSetup d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\dlmanifests\Networking-MPSSVC-Svc d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\en-US d------ [05:37 14/07/2009]

c:\windows\system32\migwiz\PostMigRes d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\PostMigRes\data d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\PostMigRes\Web d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\PostMigRes\Web\base_images d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\microsoft-activedirectory-webservices d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\microsoft-international-core d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\microsoft-windows-iis-rm d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\microsoft-windows-ndis d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\Microsoft-Windows-OfflineFiles-Core d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\microsoft-windows-shmig d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\Usb d------ [05:32 14/07/2009]

c:\windows\system32\migwiz\replacementmanifests\WindowsSearchEngine d------ [05:32 14/07/2009]

c:\windows\system32\Msdtc d------ [03:20 14/07/2009]

c:\windows\system32\Msdtc\Trace d------ [03:20 14/07/2009]

c:\windows\system32\MUI d------ [03:20 14/07/2009]

c:\windows\system32\MUI\0409 d------ [03:20 14/07/2009]

c:\windows\system32\MUI\dispspec d------ [05:37 14/07/2009]

c:\windows\system32\nb-NO d------ [03:20 14/07/2009]

c:\windows\system32\NDF d------ [03:20 14/07/2009]

c:\windows\system32\NetworkList d------ [03:20 14/07/2009]

c:\windows\system32\NetworkList\Icons d------ [03:20 14/07/2009]

c:\windows\system32\NetworkList\Icons\StockIcons d------ [03:20 14/07/2009]

c:\windows\system32\nl-NL d------ [03:20 14/07/2009]

c:\windows\system32\OEM d------ [01:51 12/07/2007]

c:\windows\system32\OEM\AcerSystem d------ [17:00 24/11/2009]

c:\windows\system32\OEM\CLEAREVENT d------ [17:00 24/11/2009]

c:\windows\system32\OEM\factory d------ [01:51 12/07/2007]

c:\windows\system32\OEM\INT15 d------ [17:00 24/11/2009]

c:\windows\system32\OEM\Logo d------ [17:00 24/11/2009]

c:\windows\system32\OEM\REMOVE_EARTHLINK_NETZERO d------ [17:00 24/11/2009]

c:\windows\system32\oobe d------ [03:20 14/07/2009]

c:\windows\system32\oobe\en-US d------ [05:37 14/07/2009]

c:\windows\system32\oobe\Info d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\Backgrounds d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\Backgrounds-NOWAIT d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1025 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1026 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1028 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1029 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1030 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1031 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1032 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1033 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1035 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1036 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1037 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1038 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1040 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1041 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1042 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1043 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1044 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1045 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1046 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1048 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1049 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1050 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1051 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1053 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1054 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1055 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1058 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1060 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1061 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1062 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\1063 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\2052 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\2058 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\2070 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\2074 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\3076 d------ [17:00 24/11/2009]

c:\windows\system32\oobe\Info\DEFAULT\3082 d------ [17:00 24/11/2009]

c:\windows\system32\pl-PL d------ [03:20 14/07/2009]

c:\windows\system32\Printing_Admin_Scripts d------ [05:37 14/07/2009]

c:\windows\system32\Printing_Admin_Scripts\en-US d------ [05:37 14/07/2009]

c:\windows\system32\pt-BR d------ [03:20 14/07/2009]

c:\windows\system32\pt-PT d------ [03:20 14/07/2009]

c:\windows\system32\ras d------ [03:20 14/07/2009]

c:\windows\system32\Recovery d------ [03:20 14/07/2009]

c:\windows\system32\restore d------ [05:32 14/07/2009]

c:\windows\system32\ro-RO d------ [03:20 14/07/2009]

c:\windows\system32\ru-RU d------ [03:20 14/07/2009]

c:\windows\system32\Setup d------ [03:20 14/07/2009]

c:\windows\system32\Setup\aladdin d------ [00:18 27/03/2010]

c:\windows\system32\Setup\aladdin\hasphl d------ [00:18 27/03/2010]

c:\windows\system32\Setup\en-US d------ [05:37 14/07/2009]

c:\windows\system32\sk-SK d------ [03:20 14/07/2009]

c:\windows\system32\sl-SI d------ [03:20 14/07/2009]

c:\windows\system32\slmgr d------ [05:37 14/07/2009]

c:\windows\system32\slmgr\0409 d------ [05:37 14/07/2009]

c:\windows\system32\SMI d------ [03:20 14/07/2009]

c:\windows\system32\SMI\Manifests d------ [03:20 14/07/2009]

c:\windows\system32\SMI\Schema d------ [03:20 14/07/2009]

c:\windows\system32\SMI\Store d------ [03:20 14/07/2009]

c:\windows\system32\SMI\Store\Machine d------ [03:20 14/07/2009]
SCHEMA.DAT.LOG1 --ah--- 262144 bytes [02:34 14/07/2009] [18:26 07/01/2012]

c:\windows\system32\Speech d------ [03:20 14/07/2009]

c:\windows\system32\Speech\Common d------ [03:20 14/07/2009]

c:\windows\system32\Speech\Engines d------ [05:32 14/07/2009]

c:\windows\system32\Speech\Engines\SR d------ [05:32 14/07/2009]

c:\windows\system32\Speech\Engines\SR\en-US d------ [05:37 14/07/2009]

c:\windows\system32\Speech\SpeechUX d------ [03:20 14/07/2009]

c:\windows\system32\Speech\SpeechUX\en-gb d------ [05:37 14/07/2009]

c:\windows\system32\Speech\SpeechUX\en-US d------ [05:37 14/07/2009]

c:\windows\system32\spool d------ [03:20 14/07/2009]

c:\windows\system32\spool\drivers d------ [03:20 14/07/2009]

c:\windows\system32\spool\drivers\color d------ [05:32 14/07/2009]

c:\windows\system32\spool\drivers\IA64 d------ [04:57 14/07/2009]

c:\windows\system32\spool\drivers\W32X86 d------ [04:57 14/07/2009]

c:\windows\system32\spool\drivers\x64 d------ [03:20 14/07/2009]

c:\windows\system32\spool\drivers\x64\3 d------ [03:20 14/07/2009]

c:\windows\system32\spool\drivers\x64\3\en-US d------ [05:37 14/07/2009]

c:\windows\system32\spool\drivers\x64\3\mui d------ [05:37 14/07/2009]

c:\windows\system32\spool\drivers\x64\3\mui\0409 d------ [05:37 14/07/2009]

c:\windows\system32\spool\drivers\x64\PCC d------ [05:09 14/07/2009]

c:\windows\system32\spool\PRINTERS d------ [03:20 14/07/2009]

c:\windows\system32\spool\prtprocs d------ [03:20 14/07/2009]

c:\windows\system32\spool\prtprocs\x64 d------ [03:20 14/07/2009]

c:\windows\system32\spool\prtprocs\x64\en-US d------ [05:37 14/07/2009]

c:\windows\system32\spool\SERVERS d------ [04:53 14/07/2009]

c:\windows\system32\spool\tools d------ [05:32 14/07/2009]

c:\windows\system32\spool\tools\Microsoft XPS Document Writer d------ [05:32 14/07/2009]

c:\windows\system32\spp d------ [03:20 14/07/2009]

c:\windows\system32\spp\plugin-manifests-signed d------ [03:20 14/07/2009]

c:\windows\system32\spp\tokens d------ [03:20 14/07/2009]

c:\windows\system32\spp\tokens\channels d------ [05:32 14/07/2009]

c:\windows\system32\spp\tokens\channels\OCUR d------ [05:32 14/07/2009]

c:\windows\system32\spp\tokens\identity d------ [03:20 14/07/2009]

c:\windows\system32\spp\tokens\issuance d------ [03:20 14/07/2009]

c:\windows\system32\spp\tokens\pkeyconfig d------ [03:20 14/07/2009]

c:\windows\system32\spp\tokens\ppdlic d------ [03:20 14/07/2009]

c:\windows\system32\spp\tokens\skus d------ [05:32 14/07/2009]

c:\windows\system32\spp\tokens\skus\Security-SPP-Component-SKU-HomePremium d------ [07:44 14/07/2009]

c:\windows\system32\sppui d------ [03:20 14/07/2009]

c:\windows\system32\SPReview d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\ar-sa d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\bg-bg d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\cs-cz d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\da-dk d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\de-de d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\el-gr d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\en-us d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\es-es d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\et-ee d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\fi-fi d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\fr-fr d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\he-il d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\hr-hr d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\hu-hu d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\it-it d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\ja-jp d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\ko-kr d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\lt-lt d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\lv-lv d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\nb-no d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\nl-nl d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\pl-pl d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\pt-br d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\pt-pt d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\ro-ro d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\ru-ru d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\sk-sk d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\sl-si d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\sr-latn-cs d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\sv-se d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\th-th d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\tr-tr d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\uk-ua d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\zh-cn d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\zh-hk d------ [00:57 06/08/2011]

c:\windows\system32\SPReview\zh-tw d------ [00:57 06/08/2011]

c:\windows\system32\sr-Latn-CS d------ [03:20 14/07/2009]

c:\windows\system32\sv-SE d------ [03:20 14/07/2009]

c:\windows\system32\sysprep d------ [03:20 14/07/2009]

c:\windows\system32\sysprep\en-US d------ [05:37 14/07/2009]

c:\windows\system32\sysprep\Panther d------ [17:04 24/11/2009]

c:\windows\system32\sysprep\Panther\IE d------ [17:04 24/11/2009]

c:\windows\system32\Tasks d------ [03:20 14/07/2009]

c:\windows\system32\Tasks\Microsoft d------ [03:20 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Microsoft Antimalware d------ [23:40 12/04/2010]

c:\windows\system32\Tasks\Microsoft\Windows d------ [03:20 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\AppID d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Application Experience d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Autochk d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Bluetooth d------ [04:57 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Defrag d------ [04:57 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Diagnosis d------ [04:57 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic d------ [17:04 24/11/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Location d------ [04:55 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Maintenance d------ [04:55 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Media Center d------ [07:45 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Media Center\Extender d------ [07:45 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\MobilePC d------ [17:04 24/11/2009]

c:\windows\system32\Tasks\Microsoft\Windows\MUI d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Multimedia d------ [04:55 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\NetTrace d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\NetworkAccessProtection d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\PerfTrack d------ [04:55 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\PLA d------ [03:20 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\PLA\System d------ [03:20 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\RAC d------ [04:55 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Ras d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Registry d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update d------ [03:20 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\RemoteAssistance d------ [04:57 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Shell d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\SideShow d------ [17:04 24/11/2009]

c:\windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\SyncCenter d------ [05:32 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\SystemRestore d------ [05:01 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Task Manager d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Tcpip d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\TextServicesFramework d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Time Synchronization d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\UPnP d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\User Profile Service d------ [04:53 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\WDI d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Windows Activation Technologies d------ [19:23 28/02/2010]

c:\windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform d------ [04:49 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing d------ [04:57 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\WindowsBackup d------ [04:54 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem d------ [04:57 14/07/2009]

c:\windows\system32\Tasks\Microsoft\Windows Defender d------ [04:57 14/07/2009]
MP Scheduled Scan --a---- 3856 bytes [17:58 07/01/2012] [18:20 07/01/2012]

c:\windows\system32\Tasks\Microsoft\Windows Live d------ [00:16 30/12/2010]

c:\windows\system32\Tasks\Microsoft\Windows Live\SOXE d------ [00:16 30/12/2010]

c:\windows\system32\Tasks\WPD d------ [05:09 14/07/2009]

c:\windows\system32\th-TH d------ [03:20 14/07/2009]

c:\windows\system32\tr-TR d------ [03:20 14/07/2009]

c:\windows\system32\uk-UA d------ [03:20 14/07/2009]

c:\windows\system32\Wat d------ [19:22 28/02/2010]

c:\windows\system32\wbem d------ [03:20 14/07/2009]

c:\windows\system32\wbem\AutoRecover d------ [03:20 14/07/2009]

c:\windows\system32\wbem\en-US d------ [05:37 14/07/2009]

c:\windows\system32\wbem\Logs d------ [03:20 14/07/2009]

c:\windows\system32\wbem\MOF d------ [04:53 14/07/2009]

c:\windows\system32\wbem\MOF\bad d------ [05:08 14/07/2009]

c:\windows\system32\wbem\MOF\good d------ [05:08 14/07/2009]

c:\windows\system32\wbem\Performance d------ [05:12 14/07/2009]
WmiApRpl.h --a---- 3444 bytes [05:12 14/07/2009] [13:49 07/01/2012]
WmiApRpl.ini --a---- 28590 bytes [05:12 14/07/2009] [13:50 07/01/2012]

c:\windows\system32\wbem\repository d------ [03:20 14/07/2009]
INDEX.BTR --a---- 5136384 bytes [02:34 14/07/2009] [18:20 07/01/2012]
MAPPING1.MAP --a---- 57472 bytes [02:34 14/07/2009] [18:20 07/01/2012]
MAPPING2.MAP --a---- 57472 bytes [02:34 14/07/2009] [18:11 07/01/2012]
MAPPING3.MAP --a---- 57472 bytes [02:34 14/07/2009] [18:17 07/01/2012]
OBJECTS.DATA --a---- 17481728 bytes [02:34 14/07/2009] [18:20 07/01/2012]

c:\windows\system32\wbem\tmf d------ [03:20 14/07/2009]

c:\windows\system32\wbem\xml d------ [03:20 14/07/2009]

c:\windows\system32\WCN d------ [05:37 14/07/2009]

c:\windows\system32\WCN\en-US d------ [05:37 14/07/2009]

c:\windows\system32\wdi d------ [03:20 14/07/2009]
BootPerformanceDiagnostics_SystemData.bin --a---- 49468 bytes [05:10 14/07/2009] [18:14 07/01/2012]
ERCQueuedResolutions.dat --a---- 4530 bytes [09:11 18/02/2010] [07:03 06/01/2012]
{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin --a---- 1596 bytes [22:17 17/02/2010] [01:15 06/01/2012]

c:\windows\system32\wdi\LogFiles d------ [03:20 14/07/2009]
BootCKCL.etl --a---- 31981568 bytes [04:45 14/07/2009] [18:14 07/01/2012]
ShutdownCKCL.etl --a---- 1572864 bytes [05:01 14/07/2009] [18:11 07/01/2012]
WdiContextLog.etl.001 --a---- 540672 bytes [04:45 14/07/2009] [18:11 07/01/2012]
WdiContextLog.etl.002 ------- 262144 bytes [05:08 14/07/2009] [18:12 07/01/2012]
WdiContextLog.etl.003 --a---- 540672 bytes [17:02 24/11/2009] [17:50 07/01/2012]

c:\windows\system32\wdi\perftrack d------ [03:20 14/07/2009]

c:\windows\system32\wdi\perftrack\traces d------ [05:32 14/07/2009]

c:\windows\system32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3} d------ [19:43 13/02/2010]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8} d------ [03:38 14/02/2010]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{2433d66e-d7fe-4a50-960b-d0ed917ce21d} d------ [12:00 31/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{2f3b5312-d168-47f4-a5a0-df060dab6322} d------ [10:18 22/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{4af61f06-5d69-4aba-a61b-6dcf7330bed1} d------ [06:59 26/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{5af54b3c-cb8a-46d0-a7c5-0da4cbfa593c} d------ [00:46 29/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{8450ba33-413d-451e-a582-942f144d024d} d------ [15:19 29/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{897644d6-efac-4b9a-8f3e-eb3391421a16} d------ [22:11 26/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{a54aca68-7776-4aa2-afd9-da31b4672907} d------ [23:39 29/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{c95eca9d-b70a-4fc3-a70d-a20a4aab127c} d------ [21:20 26/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{d38388fe-9c55-4a54-9652-7e8d6df73063} d------ [14:40 11/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{db7f3a27-a344-4175-80a9-79efb85281a0} d------ [12:32 13/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{ecbd22a8-14b5-44c0-9f2c-e44c56e09832} d------ [18:27 25/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{edba8439-3bcc-4bff-9f67-a82564c9d9d3} d------ [00:04 30/12/2011]

c:\windows\system32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{fb84ee99-a54a-4402-91aa-fc16f8f77f7d} d------ [01:17 30/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d} d------ [05:10 14/07/2009]
S-1-5-21-1931139771-639115300-473801051-1001_UserData.bin --a---- 24864 bytes [02:27 13/02/2010] [18:14 07/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0177814c-9fc8-484b-afbc-2f33ea218481} d------ [15:53 06/01/2012]
snapshot.etl --a---- 278528 bytes [15:53 06/01/2012] [15:51 06/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{05e6a90d-a4f8-4299-af21-80de019342dd} d------ [18:39 25/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0acc2f8c-feff-49a8-a2c5-581a3822f96b} d------ [10:07 10/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0becc79b-400c-4459-ad80-baa10c93cf3e} d------ [17:53 07/01/2012]
snapshot.etl --a---- 311296 bytes [17:53 07/01/2012] [17:51 07/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0f4006e9-a455-401b-bb78-17041c30d6c0} d------ [16:07 15/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{120fcd12-04d1-42b3-9305-82a412468a0f} d------ [14:35 15/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{1d9c4736-eba8-4efb-87ca-55e167ae0451} d------ [19:49 02/01/2012]
snapshot.etl --a---- 262144 bytes [19:49 02/01/2012] [19:47 02/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{21bf109b-4b1e-48d7-ba70-9a70dd38fd35} d------ [14:52 27/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{2b95477a-92d3-4fef-a472-ab781e120fd8} d------ [03:06 29/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{2d6bdd75-d3cf-43fd-9e41-eb30fc9ef132} d------ [03:04 26/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3363ed2c-013f-4cea-818d-457ff69785cb} d------ [10:20 22/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{38f27fff-2ca9-46a8-ad54-e78e753d35e9} d------ [21:24 11/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3a546967-eb48-4984-8791-400e65d5d712} d------ [16:39 12/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3cb883b0-08cb-4088-957a-777a67d75d92} d------ [13:47 07/01/2012]
snapshot.etl --a---- 278528 bytes [13:47 07/01/2012] [13:44 07/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3eb5a580-acae-4338-b59b-ad5c272f27bf} d------ [10:45 16/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4462eeba-b212-4c8d-b0a5-908601e7e588} d------ [13:24 09/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{46645c9b-4466-4bbc-8ebf-f9a25c0d5d3e} d------ [00:11 30/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{46d314f7-ed97-4744-8e71-56264867a199} d------ [12:11 31/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{46dd7c11-10b4-4668-b71f-39796267acaa} d------ [09:48 14/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4a51cec8-aa44-4e4e-9b1b-575884d10382} d------ [01:14 09/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4bc047eb-4268-44e6-8816-f0eefba75ee2} d------ [16:30 22/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{533bcee1-94c3-4d10-9bcd-7204814ac2c2} d------ [13:05 10/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{584775f1-bb7b-4fd7-b837-1aaf21b97803} d------ [01:15 06/01/2012]
snapshot.etl --a---- 311296 bytes [01:15 06/01/2012] [01:13 06/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{5a02942d-9944-4822-987a-0267a0b852b7} d------ [18:14 07/01/2012]
snapshot.etl --a---- 262144 bytes [18:14 07/01/2012] [18:12 07/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{5a881d08-b250-4508-a66c-89697489ab50} d------ [20:57 27/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{65981ef3-9aae-4d90-a462-65ad24ddfb9f} d------ [16:01 18/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{65bdc56c-e644-4fa9-bbfb-0a3607cdc929} d------ [15:22 29/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{6867c0d3-684e-427a-9504-f0d8fb6ed42b} d------ [17:21 23/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{6ab403e1-2d19-4b99-a4d3-257d6f710137} d------ [11:51 10/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7335981c-a04b-4e34-abfe-130de06453d9} d------ [14:19 17/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7cb17f5c-a4c3-49c3-b36d-aac821da47ee} d------ [14:44 05/01/2012]
snapshot.etl --a---- 278528 bytes [14:44 05/01/2012] [14:42 05/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{8a009a4f-88e2-4a33-9e45-6333562fcdf0} d------ [19:38 28/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{8c31097a-cca6-4e8f-b24b-856aee8b862d} d------ [08:29 29/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{8c8612df-da0e-47b5-9896-4acdd73a27d5} d------ [14:43 11/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9081095f-fbf2-45f5-bcc3-e932a56726f6} d------ [17:59 30/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{90889ee7-c8c9-42f9-bb8d-6b5f733527c3} d------ [01:00 27/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{920dfb9a-722a-4327-9e86-d0de15056c2c} d------ [17:21 25/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9365d38d-cebd-4b83-8f3b-48a16da86665} d------ [17:43 24/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9407e5ae-b1a0-4885-9af6-b65b7416de2f} d------ [21:27 26/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{963ebda5-eccc-4abb-be9b-4f1223f3f964} d------ [10:18 17/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{98494dc0-d71e-400a-83db-62283d307eb9} d------ [15:36 21/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{998210e1-356d-4156-b11c-9f5fcfee6f1e} d------ [12:44 15/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{999e87d4-2c57-4779-a63a-a439108f9061} d------ [23:45 29/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9d379255-47bd-400b-bd9c-0cc061a313a5} d------ [05:42 01/01/2012]
snapshot.etl --a---- 311296 bytes [05:42 01/01/2012] [05:40 01/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9fcb2a13-1a37-4c8d-9ca3-defc265a6ee5} d------ [12:40 13/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a60f18d6-a106-4773-9fbd-6e75dbb67af4} d------ [13:10 17/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{aba4205d-62cb-428a-bd53-e995d874e6fa} d------ [15:52 01/01/2012]
snapshot.etl --a---- 294912 bytes [15:52 01/01/2012] [15:49 01/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c1ca6b6d-924f-4764-9cb1-cec898c03bb1} d------ [17:02 06/01/2012]
snapshot.etl --a---- 278528 bytes [17:02 06/01/2012] [17:00 06/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c54f0bb9-8201-435a-9c65-4524b24c3168} d------ [00:48 29/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c9ccab0d-97fb-42b8-8fb0-65e326452232} d------ [17:04 28/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{ca1a6717-97c0-4c2e-abb8-d3b485b74b1a} d------ [11:13 12/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{cab41e3a-1418-4d51-9740-5bccd07c40c1} d------ [13:21 31/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{cac889bd-83b9-4ab3-a29f-d1095a79d290} d------ [02:53 29/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{cd757c6f-5d1b-4d2c-8649-e2a7ea5c2065} d------ [01:40 20/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{da45c326-cffa-4274-aaa8-0cb412371e00} d------ [13:48 24/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e32e77ed-8254-4823-a608-0eda28258461} d------ [01:34 30/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e71b6489-e932-4b7c-b347-84ea2bddf35a} d------ [14:35 20/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e8f92d57-1f7d-42a7-aff3-d29387c372ba} d------ [13:57 14/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{ea7f3bf3-59e8-488b-b800-8a200b2ec800} d------ [11:36 19/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{ebe69833-89cd-4fcb-8d13-de6ba942ef82} d------ [15:51 03/01/2012]
snapshot.etl --a---- 294912 bytes [15:51 03/01/2012] [15:49 03/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{ec6aa49e-b053-493c-a3cb-d86ede26f0f5} d------ [16:07 02/01/2012]
snapshot.etl --a---- 311296 bytes [16:07 02/01/2012] [16:04 02/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{ef475832-910a-4e39-ac2b-97df83ffd366} d------ [13:40 13/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f023e70e-b5e2-4521-8315-b792cf05caa8} d------ [16:22 07/01/2012]
snapshot.etl --a---- 311296 bytes [16:22 07/01/2012] [16:20 07/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f540ee5b-f4c3-48dc-aca1-f6027acad158} d------ [14:49 23/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f576d7e3-370d-4a31-902c-3d242ea99d15} d------ [22:13 26/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f72a4973-b412-4463-92eb-47a3a8bb14c1} d------ [15:17 14/12/2011]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f80d4cd5-8a18-4c82-be59-1eb68fffec1c} d------ [20:08 01/01/2012]
snapshot.etl --a---- 278528 bytes [20:08 01/01/2012] [20:06 01/01/2012]

c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{fb79d7dc-2d17-4880-9b05-c67f2bb3dcb8} d------ [15:12 04/01/2012]
snapshot.etl --a---- 278528 bytes [15:12 04/01/2012] [15:10 04/01/2012]

c:\windows\system32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4} d------ [19:43 13/02/2010]

c:\windows\system32\wfp d------ [03:20 14/07/2009]
wfpdiag.etl ------- 16384 bytes [05:09 14/07/2009] [18:13 07/01/2012]

c:\windows\system32\WinBioDatabase d------ [05:32 14/07/2009]

c:\windows\system32\WinBioPlugIns d------ [05:32 14/07/2009]

c:\windows\system32\WinBioPlugIns\en-US d------ [05:37 14/07/2009]

c:\windows\system32\WindowsPowerShell d------ [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0 d------ [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\en-US d------ [05:37 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Examples d------ [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules d------ [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer d---s-- [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US d---s-- [05:37 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics d------ [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack d------ [05:32 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US d------ [05:37 14/07/2009]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\WebAdministration d------ [23:27 04/01/2011]

c:\windows\system32\WindowsPowerShell\v1.0\Modules\WebAdministration\en-US d------ [23:27 04/01/2011]

c:\windows\system32\winevt d------ [03:20 14/07/2009]

c:\windows\system32\winevt\Logs d------ [03:20 14/07/2009]
Application.evtx --a---- 20975616 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Application-Experience%4Program-Inventory.evtx --a---- 1052672 bytes [17:02 24/11/2009] [05:36 07/01/2012]
Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx --a---- 1052672 bytes [17:02 24/11/2009] [05:36 07/01/2012]
Microsoft-Windows-Bits-Client%4Operational.evtx --a---- 1052672 bytes [17:04 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-CodeIntegrity%4Operational.evtx --a---- 1052672 bytes [14:55 14/02/2010] [18:12 07/01/2012]
Microsoft-Windows-Dhcp-Client%4Admin.evtx --a---- 1052672 bytes [17:02 24/11/2009] [05:36 07/01/2012]
Microsoft-Windows-Dhcpv6-Client%4Admin.evtx --a---- 1052672 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Diagnosis-DPS%4Operational.evtx --a---- 1052672 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Diagnosis-PCW%4Operational.evtx --a---- 1052672 bytes [13:05 21/01/2011] [06:58 03/01/2012]
Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx --a---- 1052672 bytes [17:08 24/11/2009] [08:56 02/01/2012]
Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx --a---- 1052672 bytes [07:36 14/02/2010] [08:56 02/01/2012]
Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx --a---- 1052672 bytes [07:36 14/02/2010] [08:56 02/01/2012]
Microsoft-Windows-Diagnostics-Performance%4Operational.evtx --a---- 1052672 bytes [17:07 24/11/2009] [18:14 07/01/2012]
Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx --a---- 1052672 bytes [17:03 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx --a---- 69632 bytes [21:04 14/02/2010] [05:47 05/01/2012]
Microsoft-Windows-GroupPolicy%4Operational.evtx --a---- 4198400 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx --a---- 1052672 bytes [02:25 13/02/2010] [18:12 07/01/2012]
Microsoft-Windows-Kernel-EventTracing%4Admin.evtx --a---- 1052672 bytes [23:35 12/04/2010] [19:23 02/01/2012]
Microsoft-Windows-Kernel-WHEA%4Operational.evtx --a---- 1052672 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Known Folders API Service.evtx --a---- 1052672 bytes [17:03 24/11/2009] [18:25 07/01/2012]
Microsoft-Windows-LanguagePackSetup%4Operational.evtx --a---- 1052672 bytes [17:53 24/11/2009] [05:36 07/01/2012]
Microsoft-Windows-NetworkLocationWizard%4Operational.evtx --a---- 69632 bytes [20:07 29/12/2010] [05:14 01/01/2012]
Microsoft-Windows-NetworkProfile%4Operational.evtx --a---- 1052672 bytes [02:18 13/02/2010] [18:12 07/01/2012]
Microsoft-Windows-ReadyBoost%4Operational.evtx --a---- 1052672 bytes [17:03 24/11/2009] [18:14 07/01/2012]
Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx --a---- 1052672 bytes [17:06 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx --a---- 1052672 bytes [05:11 14/02/2010] [15:12 07/01/2012]
Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx --a---- 1052672 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx --a---- 1052672 bytes [19:08 30/12/2010] [18:12 07/01/2012]
Microsoft-Windows-User Profile Service%4Operational.evtx --a---- 4198400 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-WER-Diag%4Operational.evtx --a---- 69632 bytes [21:04 14/02/2010] [05:47 05/01/2012]
Microsoft-Windows-Windows Defender%4Operational.evtx --a---- 1052672 bytes [17:04 24/11/2009] [17:50 07/01/2012]
Microsoft-Windows-Windows Defender%4WHC.evtx --a---- 1052672 bytes [17:04 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx --a---- 1052672 bytes [17:02 24/11/2009] [18:12 07/01/2012]
Microsoft-Windows-WindowsBackup%4ActionCenter.evtx --a---- 1052672 bytes [17:08 24/11/2009] [15:12 07/01/2012]
Microsoft-Windows-WindowsUpdateClient%4Operational.evtx --a---- 1052672 bytes [17:08 24/11/2009] [18:16 07/01/2012]
Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx --a---- 69632 bytes [16:32 26/12/2011] [18:11 07/01/2012]
Security.evtx --a---- 20975616 bytes [17:02 24/11/2009] [18:12 07/01/2012]
System.evtx --a---- 20975616 bytes [17:02 24/11/2009] [18:12 07/01/2012]

c:\windows\system32\winevt\TraceFormat d------ [03:20 14/07/2009]

c:\windows\system32\winrm d------ [05:37 14/07/2009]

c:\windows\system32\winrm\0409 d------ [05:37 14/07/2009]

c:\windows\system32\zh-CN d------ [03:20 14/07/2009]

c:\windows\system32\zh-HK d------ [03:20 14/07/2009]

c:\windows\system32\zh-TW d------ [03:20 14/07/2009]

-= EOF =-

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:34 PM

Posted 08 January 2012 - 08:01 AM

Hi Areee,

I'm pretty sure you had the Spyware Doctor with AntiVirus version installed, as that is what DDS reported, and why I instructed you to either uninstall that or Avast, and you said you uninstalled it:

Uninstalled spyware doctor's program.


:step1: We need to run an OTL Fix
  • Please download OTL from one of the following mirrors:
  • This is THE Mirror
  • Double click on Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :files
    c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

:step2: OTL Scan
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Please post the report from step one, as well as both reports from step 2 into your next reply.


Did your computer seem laggy before you got infected?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#12 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 08 January 2012 - 11:15 AM

========== FILES ==========
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01082012_110116




OTL logfile created on: 1/8/2012 11:03:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\pryvian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.44 Gb Available Physical Memory | 25.15% Memory free
3.50 Gb Paging File | 1.99 Gb Available in Paging File | 56.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.54 Gb Total Space | 434.13 Gb Free Space | 63.23% Space Free | Partition Type: NTFS

Computer Name: KNIGHT | User Name: pryvian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 10:59:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\pryvian\Desktop\OTL.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/20 07:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 11:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 11:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/01/02 16:46:08 | 000,818,169 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\msvfd32.exe -- (Adobe Licensing Console)
SRV - [2011/10/03 19:39:01 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/20 13:24:48 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 19:10:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/19 17:57:00 | 003,449,616 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/31 07:18:46 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0305v155r4961s256
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g206p0305v155r4961s256


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1931139771-639115300-473801051-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1931139771-639115300-473801051-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\pryvian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/25 19:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 00:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/26 20:49:39 | 000,000,000 | ---D | M]

[2011/12/26 07:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pryvian\AppData\Roaming\mozilla\Extensions
[2011/02/13 01:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pryvian\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/12/20 23:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pryvian\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012/01/05 14:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pryvian\AppData\Roaming\mozilla\Firefox\Profiles\qk81sx86.default\extensions
[2012/01/01 00:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\PRYVIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QK81SX86.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\pryvian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\pryvian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\pryvian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: PanicButton = C:\Users\pryvian\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.1_0\
CHR - Extension: AdBlock = C:\Users\pryvian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.9_0\
CHR - Extension: Gmail = C:\Users\pryvian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/07 13:12:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pryvian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{189A7EA4-E3E5-4BEB-805A-E0A751964664}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5C487E-0151-4555-91CA-D84C3FCFF779}: DhcpNameServer = 172.26.38.1 172.26.38.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 11:01:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/08 10:59:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\pryvian\Desktop\OTL.exe
[2012/01/08 00:46:40 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{9AA3F4A5-FA77-499D-83F7-973D16885209}
[2012/01/08 00:46:03 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{2A43F6B4-767C-42F5-AA34-8CEA5F7ABFE3}
[2012/01/07 18:50:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/07 18:39:24 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012/01/07 18:39:23 | 000,308,224 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012/01/07 18:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WM Recorder 14
[2012/01/07 18:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMR14
[2012/01/07 17:52:48 | 000,000,000 | R--D | C] -- C:\Users\pryvian\Desktop\League bleep
[2012/01/07 13:11:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/07 12:58:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/07 12:58:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/07 12:58:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/07 12:58:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/07 12:58:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/07 12:53:36 | 004,373,779 | R--- | C] (Swearware) -- C:\Users\pryvian\Desktop\ComboFix.exe
[2012/01/07 12:45:32 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{BB909430-FBCB-49AB-8D4F-B4F6F080F79B}
[2012/01/07 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{8BC6A248-7026-468B-A7E8-EE83AA820025}
[2012/01/06 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{344E60D4-1304-4216-B43D-CD8D5E42DEC9}
[2012/01/06 12:55:27 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{7F6B8F4E-13ED-42D1-A94D-4CA4D5E4C689}
[2012/01/06 00:12:04 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{E086CF3F-433D-4101-B5E5-D860B0C69A3A}
[2012/01/06 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{AD64163C-736B-4C11-9838-E46FF99FFBDF}
[2012/01/05 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{F951BA12-77E4-4DA3-A53B-0C0AD324868A}
[2012/01/05 12:10:12 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{611785CE-A071-4EAE-8802-9C787FEBA983}
[2012/01/04 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{DD4D7B3D-27CA-4DDE-8D62-F671ED4BAB98}
[2012/01/04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{985E4BEA-F677-4CF5-94F9-16B864515E5D}
[2012/01/04 00:25:04 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{376F590D-DFDC-447A-8EA3-C2A994634625}
[2012/01/04 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{ABC4308B-C218-4BF7-B3F1-275E68B9AFDB}
[2012/01/03 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\IsolatedStorage
[2012/01/03 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{1FBB2A0B-D8CD-4E01-8216-B09E4B440A08}
[2012/01/03 12:23:03 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{40241F03-E283-4D63-8687-F08E0DA3F8B8}
[2012/01/02 23:30:01 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{F1C50E42-0F63-4787-A9DF-BB9AE052E6EC}
[2012/01/02 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{DFBC1C03-5884-4640-A787-0CBFD755CDF2}
[2012/01/02 16:51:16 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/01/02 16:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/01/02 16:50:36 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012/01/02 16:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/01/02 16:46:08 | 000,818,169 | ---- | C] ( ) -- C:\Windows\SysWow64\msvfd32.exe
[2012/01/02 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{E80BF445-1743-4F31-8A46-BE3B73E49AA5}
[2012/01/02 11:28:29 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{E1FBBB64-6720-4641-8B27-E2F1A159C0D1}
[2012/01/01 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{A08A3BAF-E307-4787-90C2-06BDA5F63D71}
[2012/01/01 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{4C291400-46FC-4C05-95CF-EBF9AAD17A57}
[2012/01/01 11:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ragnarok Online
[2012/01/01 11:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[2011/12/31 23:45:05 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{3494B44C-8BDC-48A4-8D2B-7F101E192A79}
[2011/12/31 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{5C552811-1563-46E6-88D4-4E74038F8BF8}
[2011/12/31 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{3A14A90A-44C7-4F06-A390-9BCF0363BFC5}
[2011/12/31 11:59:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/12/31 11:59:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/12/31 11:59:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/12/31 11:59:39 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/12/31 11:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2011/12/31 11:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games
[2011/12/31 07:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/31 07:18:46 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/12/31 07:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/12/31 00:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2011/12/31 00:51:00 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Roaming\Rovio
[2011/12/31 00:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2011/12/31 00:24:09 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{F4DABFFF-0E52-498A-8D39-22DD1CD3BA12}
[2011/12/31 00:23:01 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{95E34E5C-93A0-4225-A72E-E32A955FE37F}
[2011/12/30 21:57:36 | 000,000,000 | ---D | C] -- C:\Users\pryvian\Desktop\Mp3 Player Backup
[2011/12/30 12:22:30 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{CB102AAB-B18B-4FC6-8F39-8B9CCD3C390F}
[2011/12/30 12:21:54 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{91511AC1-3424-4FDC-A3C6-887806B8D1AB}
[2011/12/30 00:21:24 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{653CF653-1BD8-4CA8-95E0-3639D43DCDA1}
[2011/12/30 00:20:48 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{7590025A-CAE7-4516-A751-C209CD04187F}
[2011/12/29 17:40:13 | 000,000,000 | ---D | C] -- C:\Users\pryvian\Desktop\Tools & Backup
[2011/12/29 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\pryvian\Desktop\Games & Media
[2011/12/29 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\pryvian\Desktop\My Work
[2011/12/29 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\pryvian\Desktop\Archive
[2011/12/29 17:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/29 17:33:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/29 17:33:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/29 17:33:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/29 17:13:38 | 000,000,000 | ---D | C] -- C:\Users\pryvian\Desktop\Downloads & Torrents
[2011/12/29 12:19:53 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{6DA54677-EFB4-4F71-8362-AEA45B849748}
[2011/12/29 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{98256A50-38AD-425E-A2C3-961E18828BB4}
[2011/12/29 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{C387B2BD-5DBA-45CC-A4B3-C51C7F988381}
[2011/12/29 00:16:39 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{DBDB6739-91DE-4ACB-AC95-74F1F7B28D5F}
[2011/12/28 19:37:58 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Roaming\Malwarebytes
[2011/12/28 19:35:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/28 19:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 19:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/28 19:35:07 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/28 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/28 12:15:58 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{6A58FC51-3B96-4127-AFBF-2FC773770111}
[2011/12/28 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{9050FB6D-8504-4C1F-8FE2-2FD3ECC42CCF}
[2011/12/27 22:43:30 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{97B64B1D-2E66-4ED1-B35F-9C780CF18367}
[2011/12/27 22:43:06 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{14625B39-CB39-4AD6-B721-087DC7E39D37}
[2011/12/27 19:52:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/12/27 19:52:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/12/27 19:52:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/12/27 19:52:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/12/27 19:52:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/12/27 19:42:45 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/12/27 19:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/12/27 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueOfLegends
[2011/12/27 19:10:19 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\PMB Files
[2011/12/27 19:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/12/27 10:42:36 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{1ED318E7-0FAD-471A-810B-B414848C9D7C}
[2011/12/27 10:41:49 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{090D2DE5-9EF5-423A-9318-3500A4CC260F}
[2011/12/26 22:41:16 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{4371100D-C423-40BF-986A-ADD5311DD08B}
[2011/12/26 22:40:43 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{D374EBBB-67D7-4F27-9E22-2E9D71E64989}
[2011/12/26 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\Threat Expert
[2011/12/26 18:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/26 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/26 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/26 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2011/12/26 18:41:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/12/26 18:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/12/26 18:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/12/26 18:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/26 11:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/26 11:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/26 11:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/12/26 11:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/12/26 10:40:01 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{3CA092D6-F48A-46C9-978A-3DB7E803D415}
[2011/12/26 10:39:20 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{E61DB507-110A-4B7E-8126-CF003D952713}
[2011/12/25 19:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/25 19:58:04 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/25 19:58:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/25 19:57:57 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/25 19:57:55 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/25 19:57:53 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/25 19:57:50 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/25 19:57:30 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/25 19:57:29 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/25 13:47:21 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{980A628B-C7A0-4521-8A8F-53F0BDEC43E7}
[2011/12/25 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{9245F887-1378-49E4-90E7-6273A6CC87A2}
[2011/12/25 00:53:27 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{8FE7BC5A-1012-46B8-985A-162997F6C1D7}
[2011/12/24 12:52:37 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{36A3CEE1-80E0-4822-849E-57D9B7FFBE86}
[2011/12/24 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{68EBE386-C082-4AF4-A878-5DE1D1128B11}
[2011/12/24 00:21:43 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{63CD4416-C46C-4089-9D87-297E66BD5703}
[2011/12/24 00:21:08 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{D9B1F17C-F46C-4C2A-A9F5-69D92009C468}
[2011/12/23 22:28:02 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Roaming\MoreTerra
[2011/12/23 12:20:40 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{4DAE6593-0175-42B8-AF42-ED396B1C7935}
[2011/12/23 12:20:18 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{C24FF2B0-282B-4CCB-92B2-88D418F1DDB0}
[2011/12/22 23:38:00 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{AFCEF8D3-5F88-48A0-939B-34E5537BA4E3}
[2011/12/22 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{7B6E757B-5A13-4812-8D36-1D114B8E678F}
[2011/12/22 11:36:56 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{41AAEF58-B99E-49AA-AB6E-48DA3CB28F78}
[2011/12/22 11:36:35 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{355D37AC-DFD6-400C-AD84-4BE6F34A6210}
[2011/12/21 11:03:38 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{38F64092-CDA4-47D9-9EAE-0CEF160A4253}
[2011/12/21 11:03:26 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{D3537D48-8038-4379-9485-96A99819C894}
[2011/12/20 13:48:27 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\LogMeIn Hamachi
[2011/12/20 13:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/12/20 13:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/12/20 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{D51FD2E0-B98B-41EF-BE02-4AF504C01F75}
[2011/12/20 13:01:36 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{048D08D9-0761-4755-AC43-790819875EA4}
[2011/12/20 00:04:29 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{6E46972F-1C21-4AEA-9D56-66419BA9A8CB}
[2011/12/20 00:04:15 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{751B18DA-F494-4F48-85D6-3C65E145B394}
[2011/12/19 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{C521310F-A89B-4859-B37E-A92F30F67B7F}
[2011/12/19 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{041BCEC0-AAD6-41DB-90BE-FC303D5D65BC}
[2011/12/19 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{E115D7B6-87D3-4F74-8DD0-97E954561EBA}
[2011/12/19 00:03:04 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{20A4E51E-E7BD-4A71-A53B-25A2891A0A4A}
[2011/12/18 12:02:44 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{D68AA023-C874-48C6-B4C9-CCEFD1E39EFC}
[2011/12/18 12:02:37 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{658AB284-AA71-4EB2-8A06-86D9DB72BA2A}
[2011/12/17 22:17:02 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{CD1B7694-956C-4C40-80C2-071CCF14C73C}
[2011/12/17 10:16:40 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{38F50F04-FC39-4083-99E1-0D9E8DF5872A}
[2011/12/17 10:16:36 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{01F37A24-51AF-4317-8349-138112C87919}
[2011/12/16 11:22:02 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{9B6D2AD1-1882-4EE9-B13C-A9363356D221}
[2011/12/16 11:21:57 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{510B1B8E-4F20-4C38-A2EA-7A6E796CCFF5}
[2011/12/16 06:05:45 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{9378644F-AF81-43B7-8CB7-5956F813FD85}
[2011/12/15 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{C23A5C9A-D6D5-43BB-8100-8D26FBD1AF96}
[2011/12/15 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{1EF9AD08-8DDF-4653-BD4A-B16E53E3D98E}
[2011/12/14 23:46:16 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{84A20AF8-50CB-43E0-A9B5-D84957B40464}
[2011/12/14 23:46:13 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{FC5EBA71-D8FC-467C-8CC6-E2CC929C5DDC}
[2011/12/14 15:26:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 15:26:30 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 15:26:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 15:26:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 15:26:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 15:26:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 15:26:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 15:26:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 15:26:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 15:26:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/14 11:41:01 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{6711F457-CF6A-45C4-972F-90B44E35405F}
[2011/12/14 11:40:46 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{EE1125A2-DF88-4D8A-88BD-0CD0D0CE3BFC}
[2011/12/13 23:40:25 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{7ABBD96A-2B6C-4C95-AF59-6DFEA9C7CAFF}
[2011/12/13 11:40:03 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{D0DB920C-E63B-45D8-84A0-8A7DFEF2567A}
[2011/12/13 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{53E53698-3BA2-45B4-A053-7ECF5AD88993}
[2011/12/13 01:22:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/12/12 23:39:28 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{76EA7B24-B6BF-4CBD-A144-CA731CAF44CD}
[2011/12/12 23:39:13 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{4218832E-4BA6-47E2-8A3B-D429CAA11A00}
[2011/12/12 11:38:54 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{340901E4-1D11-418D-B8B2-DD72131DD7CA}
[2011/12/12 11:38:50 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{68E24648-CF2A-4699-8CCA-9B540E6680C2}
[2011/12/11 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{969E7BAE-143C-4614-BE45-13ACD9786184}
[2011/12/11 22:45:56 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{C3D5D85B-C09A-497E-B0F1-466518B25C12}
[2011/12/11 16:32:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/12/11 16:32:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/12/11 16:32:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/12/11 16:32:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/12/11 16:32:13 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/12/11 16:32:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/12/11 16:32:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/12/11 16:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/12/11 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/12/11 10:45:35 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{C594897E-24A0-4A1F-836A-59CA9319466A}
[2011/12/11 10:45:32 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{7D987E7C-1443-4F62-92B1-50B21BA2F608}
[2011/12/10 20:05:55 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{997DEECD-2885-4F90-B917-F0E44D8D93F4}
[2011/12/10 20:05:39 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{046384D1-6305-4AD4-856B-ECFA22222702}
[2011/12/10 08:05:17 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{BE5ACAF4-B0FA-40C8-AEA5-908B40DFB64E}
[2011/12/10 08:05:13 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{242635C3-C2C0-43EC-B165-F266818BC03F}
[2011/12/09 12:09:59 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{00B02196-7ED3-4389-9BD9-455AA21DC8D3}
[2011/12/09 12:09:44 | 000,000,000 | ---D | C] -- C:\Users\pryvian\AppData\Local\{997609F7-F092-426C-937F-34791771DDF7}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 11:02:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 11:02:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 10:59:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\pryvian\Desktop\OTL.exe
[2012/01/08 10:55:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 10:55:05 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/08 10:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 10:54:48 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 02:54:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 18:21:35 | 000,001,130 | ---- | M] () -- C:\Users\pryvian\Desktop\WM Converter 14.lnk
[2012/01/07 18:21:35 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\WM Recorder 14.lnk
[2012/01/07 15:27:59 | 000,165,376 | ---- | M] () -- C:\Users\pryvian\Desktop\SystemLook_x64.exe
[2012/01/07 13:12:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/07 12:53:41 | 004,373,779 | R--- | M] (Swearware) -- C:\Users\pryvian\Desktop\ComboFix.exe
[2012/01/07 08:50:48 | 000,858,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/07 08:50:48 | 000,717,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/07 08:50:48 | 000,140,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/02 16:50:57 | 000,001,115 | ---- | M] () -- C:\Users\pryvian\Desktop\FL Studio 10.lnk
[2012/01/02 16:46:08 | 000,818,169 | ---- | M] ( ) -- C:\Windows\SysWow64\msvfd32.exe
[2012/01/01 11:21:03 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Ragnarok.lnk
[2012/01/01 01:00:04 | 000,205,191 | ---- | M] () -- C:\Users\pryvian\Desktop\bookmarks_1_1_12.html
[2012/01/01 00:58:18 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/31 11:57:53 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Bastion.lnk
[2011/12/31 07:20:03 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/31 07:19:22 | 001,768,990 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/31 07:18:46 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/12/31 01:22:37 | 000,001,638 | ---- | M] () -- C:\Users\pryvian\Desktop\AngryBirdsSeasonsC - Shortcut.lnk
[2011/12/31 01:21:02 | 769,053,198 | ---- | M] () -- C:\Users\pryvian\Desktop\Bastion-TiNYiSO.rar
[2011/12/31 01:04:41 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2011/12/31 00:57:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/12/30 16:13:08 | 000,002,284 | ---- | M] () -- C:\Users\pryvian\Desktop\J.K. Rowling - HP 1 - Harry Potter and the Sorcerer's Stone - Shortcut.lnk
[2011/12/29 21:49:20 | 000,001,803 | ---- | M] () -- C:\Users\pryvian\Desktop\Anime - Shortcut.lnk
[2011/12/29 18:37:45 | 002,290,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/29 18:29:56 | 000,000,975 | ---- | M] () -- C:\Users\pryvian\Desktop\Pivot.lnk
[2011/12/29 18:21:58 | 000,001,697 | ---- | M] () -- C:\Users\pryvian\Desktop\Terraria.lnk
[2011/12/29 17:33:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/29 17:33:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/29 17:33:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/29 17:33:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/28 12:28:41 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/27 19:52:24 | 000,001,547 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/12/27 19:38:43 | 000,007,601 | ---- | M] () -- C:\Users\pryvian\AppData\Local\Resmon.ResmonCfg
[2011/12/26 21:32:18 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/12/25 15:51:15 | 000,000,884 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111226-071506.backup
[2011/12/20 13:46:58 | 000,000,913 | ---- | M] () -- C:\Users\pryvian\Desktop\LogMeIn Hamachi.lnk
[2011/12/12 09:39:35 | 000,844,860 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/07 18:21:35 | 000,001,130 | ---- | C] () -- C:\Users\pryvian\Desktop\WM Converter 14.lnk
[2012/01/07 18:21:35 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\WM Recorder 14.lnk
[2012/01/07 15:27:47 | 000,165,376 | ---- | C] () -- C:\Users\pryvian\Desktop\SystemLook_x64.exe
[2012/01/07 12:58:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/07 12:58:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/07 12:58:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/07 12:58:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/07 12:58:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/02 16:50:57 | 000,001,115 | ---- | C] () -- C:\Users\pryvian\Desktop\FL Studio 10.lnk
[2012/01/01 11:21:03 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Ragnarok.lnk
[2012/01/01 01:00:04 | 000,205,191 | ---- | C] () -- C:\Users\pryvian\Desktop\bookmarks_1_1_12.html
[2012/01/01 00:58:18 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/01 00:58:18 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/31 20:07:47 | 000,000,913 | ---- | C] () -- C:\Users\pryvian\Desktop\LogMeIn Hamachi.lnk
[2011/12/31 11:57:53 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Bastion.lnk
[2011/12/31 07:20:03 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/31 01:22:37 | 000,001,638 | ---- | C] () -- C:\Users\pryvian\Desktop\AngryBirdsSeasonsC - Shortcut.lnk
[2011/12/31 01:04:41 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2011/12/31 00:57:31 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/12/31 00:38:09 | 769,053,198 | ---- | C] () -- C:\Users\pryvian\Desktop\Bastion-TiNYiSO.rar
[2011/12/30 16:13:08 | 000,002,284 | ---- | C] () -- C:\Users\pryvian\Desktop\J.K. Rowling - HP 1 - Harry Potter and the Sorcerer's Stone - Shortcut.lnk
[2011/12/29 21:47:42 | 000,001,803 | ---- | C] () -- C:\Users\pryvian\Desktop\Anime - Shortcut.lnk
[2011/12/29 18:29:56 | 000,000,975 | ---- | C] () -- C:\Users\pryvian\Desktop\Pivot.lnk
[2011/12/27 19:52:24 | 000,001,547 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/12/26 18:37:05 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/26 11:28:31 | 001,768,990 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/11 17:58:13 | 000,001,697 | ---- | C] () -- C:\Users\pryvian\Desktop\Terraria.lnk
[2011/10/05 21:56:28 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2011/08/20 17:35:53 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/08/20 17:35:53 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/06/26 13:24:53 | 000,039,424 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/12 22:05:32 | 000,007,601 | ---- | C] () -- C:\Users\pryvian\AppData\Local\Resmon.ResmonCfg
[2011/01/24 19:00:28 | 000,156,776 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/18 03:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011/01/18 03:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011/01/18 03:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011/01/18 03:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2011/01/04 18:29:19 | 000,844,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/30 14:08:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/26 07:04:21 | 000,004,096 | -H-- | C] () -- C:\Users\pryvian\AppData\Local\keyfile3.drm
[2010/07/17 16:51:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/20 13:50:30 | 000,000,023 | ---- | C] () -- C:\Users\pryvian\AppData\Local\kodakpcd.ini
[2010/04/17 23:15:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/28 12:22:42 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/02/27 14:33:30 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010/02/19 15:34:43 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/17 21:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/13 00:29:52 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#13 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 08 January 2012 - 11:17 AM

OTL Extras logfile created on: 1/8/2012 11:03:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\pryvian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.44 Gb Available Physical Memory | 25.15% Memory free
3.50 Gb Paging File | 1.99 Gb Available in Paging File | 56.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.54 Gb Total Space | 434.13 Gb Free Space | 63.23% Space Free | Partition Type: NTFS

Computer Name: KNIGHT | User Name: pryvian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Users\pryvian\AppData\Local\Temp\RarSFX0\SwiApiMuxX.exe" = C:\Users\pryvian\AppData\Local\Temp\RarSFX0\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Users\pryvian\AppData\Local\Temp\RarSFX1\SwiApiMuxX.exe" = C:\Users\pryvian\AppData\Local\Temp\RarSFX1\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Users\pryvian\AppData\Local\Temp\RarSFX0\SwiApiMuxX.exe" = C:\Users\pryvian\AppData\Local\Temp\RarSFX0\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Users\pryvian\AppData\Local\Temp\RarSFX1\SwiApiMuxX.exe" = C:\Users\pryvian\AppData\Local\Temp\RarSFX1\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Speccy" = Speccy
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F85DEA1-F08C-4956-843F-BF0D4DA7F74B}" = Sierra Wireless Card Detection Service
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37F8C732-02B5-41A2-9F5B-D94EAC2226AB}" = Angry Birds Seasons
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52E9A798-88C7-4EE6-94D4-2D54FEC8EE52}" = Ragnarok Online
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}" = Angry Birds
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.7 MUI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B3F290-186B-46C8-BA95-F3D6542C2407}" = Angry Birds Rio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AIM_7" = AIM 7
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"Bastion_is1" = Bastion
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"eMachines Welcome Center" = Welcome Center
"FL Studio 10" = FL Studio 10
"Glary Utilities_is1" = Glary Utilities 2.20.0.831
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Ragnarok Online" = Ragnarok Online
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.2.0-git-20111003-0029
"WinLiveSuite" = Windows Live Essentials
"WM Recorder 14" = WM Recorder 14
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1931139771-639115300-473801051-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#14 Areee

Areee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 08 January 2012 - 11:19 AM

It ran a bit slow due to one of my 2gb sticks of ram burning out, but that was only with multiple programs up and going at once. Since the viruses started taking up, it got slow simply opening and running things. Opening msn messenger would take a minute to load the log in screen, whereas before it'd instantly pop up.

#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:34 PM

Posted 09 January 2012 - 03:58 PM

Hi Areee,

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at this link:
How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

 

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

 

P2P Warning
Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

:step1: Please open notepad and copy/paste the text in the codebox below into it:

http://www.bleepingcomputer.com/forums/topic434665.html

Collect::
C:\Windows\SysWow64\msvfd32.exe

ADS::
C:\ProgramData\TEMP

Save this as CFScript.txt


Posted Image


Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

How is your computer running now?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users