possible rootkit and registry changes


  • This topic is locked
44 replies to this topic

#1 richoss


Posted 21 May 2012 - 07:11 PM

Mod Edit: Moved to appropriate forum. Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme

Hey all, I had a problem with my computer recently and discovered it this morning, and have known something wasn't right for a while.
When I ran RSIT it came back with 1 registry change and several firmware problems. Now I can't find the 2nd log file for RSIT; I think it was called info, but it's gone, gr

Operating system: Windows 7 32-bit; MSE, Malwarebytes, SUPERAntiSpyware, Spybot Search and Destroy, SpywareBlaster etc., with which nothing has been found.
The problem is with sending a Thunderbird email to a known good address site that came back with me as a spammer, which is of course not the case. I've forgotten the name of it but heard they are now spamming after googling around.

I do have data backup on here and I'm on dial-up.
Thanks, Richo

I have run:
TDSSKiller -- found nothing
catchme -- something
rkill
aswMBR

Here's what I can find of the log files:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 14:48:35
-----------------------------
14:48:35.777 OS Version: Windows 6.1.7601 Service Pack 1
14:48:35.777 Number of processors: 4 586 0x170A
14:48:35.778 ComputerName: RICHARD-PC UserName: Richard
14:48:36.939 Initialize success
14:49:09.618 AVAST engine download error: 0
14:50:23.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:50:23.475 Disk 0 Vendor: WDC_WD3200AAKS-00UU3A0 01.03B01 Size: 305244MB BusType: 3
14:50:23.479 Disk 0 MBR read successfully
14:50:23.481 Disk 0 MBR scan
14:50:23.484 Disk 0 Windows 7 default MBR code
14:50:23.486 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:50:23.497 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305142 MB offset 206848
14:50:23.500 Disk 0 scanning sectors +625137664
14:50:23.576 Disk 0 scanning C:\Windows\system32\drivers
14:50:28.517 Service scanning
14:50:33.003 Service MpKsl6a7eb6d8 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAF9198C-306F-45B0-9C41-696383DBF05D}\MpKsl6a7eb6d8.sys **LOCKED** 32
14:50:39.561 Modules scanning
14:50:51.363 Disk 0 trace - called modules:
14:50:51.384 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:50:51.389 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8621e030]
14:50:51.396 3 CLASSPNP.SYS[8c67d59e] -> nt!IofCallDriver -> [0x85d058d8]
14:50:51.402 5 ACPI.sys[8be343d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85cf5908]
14:50:51.408 Scan finished successfully
14:51:13.650 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Documents\MBR.dat"
14:51:13.658 The log file has been saved successfully to "C:\Users\Richard\Documents\aswMBR log.txt"

-------------------------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Richard at 2012-05-22 09:21:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 191 GB (63%) free of 305 GB
Total RAM: 3263 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:23:31, on 22/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Data Backup\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Richard\Downloads\RSIT.exe
C:\Program Files\trend micro\Richard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: &Clean Traces - C:\Data Backup\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Data Backup\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Data Backup\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{976EC0EC-B30B-4C41-9EB1-2C8C856DE54C}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe

--
End of file - 3210 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default

prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "{1253D21B-263B-1843-275C-1726DA8B2A12}:4.20.2, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://badoo.com/startpage/?source=bsb&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@itstructures.com/ffactivex]
"Description"=Firefox ActiveX Plugin r39
"Path"=C:\Program Files\Firefox ActiveX Plugin\npffax.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\extensions\
{0b457cAA-602d-484a-8fe7-c1d894a011ba}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\searchplugins\
badoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
Shareaza Web Download Hook - C:\Program Files\Shareaza\RazaWebHook32.dll [2011-05-29 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2011-11-03 1516576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-21 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2011-11-03 1516576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-05 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvid.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-05-22 08:36:26 ----D---- C:\rsit
2012-05-21 21:35:20 ----D---- C:\ProgramData\McAfee Security Scan
2012-05-21 21:35:12 ----D---- C:\Program Files\McAfee Security Scan
2012-05-21 21:34:59 ----D---- C:\ProgramData\McAfee
2012-05-21 21:05:31 ----D---- C:\SDFix
2012-05-21 18:20:49 ----N---- C:\bootsqm.dat
2012-05-21 12:05:02 ----D---- C:\Program Files\ESET
2012-05-21 10:25:23 ----D---- C:\Temp
2012-05-21 10:22:47 ----D---- C:\Program Files\XviD
2012-05-21 10:20:32 ----A---- C:\TDSSKiller.2.7.35.0_21.05.2012_10.20.32_log.txt
2012-05-19 19:25:37 ----D---- C:\Users\Richard\AppData\Roaming\Comodo
2012-05-19 18:26:12 ----D---- C:\Users\Richard\AppData\Roaming\Camtech
2012-05-19 18:08:44 ----A---- C:\TDSSKiller.2.7.35.0_19.05.2012_18.08.44_log.txt
2012-05-19 17:24:48 ----A---- C:\Windows\system32\tmp.txt
2012-05-19 17:24:48 ----A---- C:\Users\Richard\AppData\Roaming\SetValue.bat
2012-05-19 17:24:48 ----A---- C:\Users\Richard\AppData\Roaming\GetValue.vbs
2012-05-19 17:18:39 ----A---- C:\Windows\ntbtlog.txt
2012-05-19 16:02:00 ----D---- C:\Users\Richard\AppData\Roaming\Philipp Winterberg
2012-05-19 16:01:54 ----D---- C:\Program Files\Free RAR Extract Frog
2012-05-19 14:55:37 ----D---- C:\Program Files\7-Zip
2012-05-18 18:11:25 ----D---- C:\Program Files\Common Files\InstallShield
2012-05-18 18:11:15 ----D---- C:\Program Files\Common Files\Windows Live
2012-05-18 17:52:24 ----A---- C:\Windows\system32\RegistryDefragBootTime.exe
2012-05-17 21:35:29 ----D---- C:\Users\Richard\AppData\Roaming\Identum
2012-05-17 21:34:02 ----D---- C:\Program Files\Trend Micro
2012-05-13 10:54:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-05-13 10:54:39 ----A---- C:\Windows\system32\win32k.sys
2012-05-13 10:54:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-12 22:03:41 ----A---- C:\Windows\system32\DWrite.dll
2012-05-11 19:25:18 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-11 19:24:54 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-05 13:45:15 ----D---- C:\Program Files\RegCleaner
2012-04-25 18:18:44 ----D---- C:\Plugins
2012-04-25 18:12:30 ----D---- C:\Users\Richard\AppData\Roaming\IObit
2012-04-25 18:06:13 ----D---- C:\Program Files\Windows Installer Clean Up
2012-04-25 15:48:03 ----D---- C:\Program Files\PC Doc Pro v5
2012-04-21 18:34:32 ----D---- C:\Program Files\Belarc
2012-04-21 13:38:09 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-21 13:38:09 ----A---- C:\Windows\system32\iertutil.dll
2012-04-21 13:38:08 ----A---- C:\Windows\system32\wininet.dll
2012-04-21 13:38:08 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-21 13:38:08 ----A---- C:\Windows\system32\jscript9.dll
2012-04-21 13:38:08 ----A---- C:\Windows\system32\jscript.dll
2012-04-21 13:38:07 ----A---- C:\Windows\system32\url.dll
2012-04-21 13:38:07 ----A---- C:\Windows\system32\ieui.dll
2012-04-21 13:38:06 ----A---- C:\Windows\system32\urlmon.dll
2012-04-21 13:38:04 ----A---- C:\Windows\system32\ieframe.dll
2012-04-21 13:38:03 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 19:21:44 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 19:21:44 ----A---- C:\Windows\system32\wintrust.dll
2012-04-12 19:21:44 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 19:21:44 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-08 15:25:00 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-03-30 16:02:01 ----A---- C:\Windows\wininit.ini
2012-03-22 12:21:52 ----D---- C:\Program Files\Image Resizer for Windows
2012-03-22 12:21:51 ----D---- C:\ProgramData\Package Cache
2012-03-22 12:07:38 ----D---- C:\Windows\Downloaded Installations
2012-03-14 17:15:19 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 17:15:19 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 17:15:18 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 17:14:22 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 17:14:22 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 17:14:22 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-05 21:44:29 ----SHD---- C:\Windows\system32\%APPDATA%
2012-03-01 18:56:14 ----D---- C:\Program Files\Microsoft.NET
2012-02-28 16:35:35 ----A---- C:\Windows\system32\tquery.dll
2012-02-28 16:35:35 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-02-28 16:35:35 ----A---- C:\Windows\system32\mssrch.dll
2012-02-28 16:35:34 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-02-28 16:35:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-02-28 16:35:34 ----A---- C:\Windows\system32\mssvp.dll
2012-02-28 16:35:34 ----A---- C:\Windows\system32\mssphtb.dll
2012-02-28 16:35:34 ----A---- C:\Windows\system32\mssph.dll
2012-02-28 16:35:33 ----A---- C:\Windows\system32\msscntrs.dll
2012-02-28 16:35:31 ----A---- C:\Windows\system32\shell32.dll
2012-02-28 16:35:30 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-28 16:08:47 ----D---- C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-28 16:08:23 ----D---- C:\Program Files\SUPERAntiSpyware
2012-02-24 15:40:59 ----A---- C:\Windows\stinger.sys
2012-02-24 15:40:29 ----D---- C:\Program Files\stinger
2012-02-24 12:04:46 ----A---- C:\Windows\system32\xvidvfw.dll
2012-02-24 12:04:46 ----A---- C:\Windows\system32\xvidcore.dll
2012-02-24 12:04:40 ----A---- C:\Windows\system32\ff_vfw.dll

======List of files/folders modified in the last 3 months======

2012-05-22 09:22:56 ----D---- C:\Windows\system32\config
2012-05-22 09:12:53 ----D---- C:\Windows\Temp
2012-05-22 09:12:51 ----D---- C:\Windows\Prefetch
2012-05-22 08:43:01 ----D---- C:\Windows\system32\drivers
2012-05-22 08:34:16 ----D---- C:\Program Files\Mozilla Firefox
2012-05-22 08:14:07 ----D---- C:\Windows\System32
2012-05-22 08:14:07 ----D---- C:\Windows\inf
2012-05-22 08:14:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-21 22:07:19 ----D---- C:\Windows\system32\wdi
2012-05-21 22:06:38 ----SH---- C:\Program Files\desktop.ini
2012-05-21 22:06:38 ----RD---- C:\Program Files
2012-05-21 21:35:20 ----HD---- C:\ProgramData
2012-05-21 21:26:55 ----D---- C:\Windows\system32\drivers\etc
2012-05-21 16:31:46 ----D---- C:\Windows\system32\LogFiles
2012-05-21 16:03:48 ----SD---- C:\ProgramData\Microsoft
2012-05-21 15:48:02 ----D---- C:\Users\Richard\AppData\Roaming\XnView
2012-05-21 10:23:01 ----A---- C:\Windows\system32\msssc.dll
2012-05-21 10:21:19 ----SHD---- C:\System Volume Information
2012-05-19 17:19:16 ----D---- C:\Windows
2012-05-19 16:35:32 ----AD---- C:\ProgramData\TEMP
2012-05-19 16:34:16 ----D---- C:\Program Files\SpywareBlaster
2012-05-18 18:11:25 ----D---- C:\Program Files\Common Files
2012-05-18 09:03:29 ----D---- C:\Windows\system32\catroot2
2012-05-17 15:07:43 ----RD---- C:\sharing
2012-05-15 21:13:57 ----D---- C:\Windows\Microsoft.NET
2012-05-15 21:13:43 ----RSD---- C:\Windows\assembly
2012-05-15 19:08:53 ----D---- C:\Windows\winsxs
2012-05-13 13:20:52 ----D---- C:\Program Files\Windows Journal
2012-05-13 12:14:34 ----D---- C:\Windows\system32\NDF
2012-05-13 10:57:23 ----D---- C:\Windows\system32\catroot
2012-05-12 20:35:11 ----D---- C:\Windows\Tasks
2012-05-12 20:35:11 ----D---- C:\Windows\system32\Tasks
2012-05-11 17:53:35 ----D---- C:\Windows\LiveKernelReports
2012-05-04 19:17:22 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-05-04 17:44:41 ----D---- C:\Users\Richard\AppData\Roaming\Media Player Classic
2012-04-29 13:13:57 ----D---- C:\ProgramData\IObit
2012-04-29 13:13:39 ----D---- C:\Program Files\IObit
2012-04-26 17:59:26 ----SHD---- C:\Windows\Installer
2012-04-26 17:59:26 ----D---- C:\Program Files\Microsoft Security Client
2012-04-25 18:48:13 ----D---- C:\Windows\Panther
2012-04-25 18:24:35 ----D---- C:\Program Files\FileHippo.com
2012-04-25 18:18:42 ----D---- C:\Program Files\GetFLV
2012-04-25 18:05:58 ----D---- C:\Program Files\MSECache
2012-04-25 14:57:32 ----D---- C:\Program Files\Microsoft Office
2012-04-21 17:14:46 ----D---- C:\Windows\system32\migration
2012-04-21 17:14:46 ----D---- C:\Program Files\Internet Explorer
2012-04-07 19:05:22 ----D---- C:\Windows\pss
2012-04-06 18:14:26 ----D---- C:\Users\Richard\AppData\Roaming\MP3Rocket
2012-04-06 18:14:26 ----D---- C:\Program Files\MP3 Rocket
2012-03-24 13:05:04 ----D---- C:\Program Files\QuickTime
2012-03-24 13:03:00 ----D---- C:\ProgramData\Lavasoft
2012-03-24 13:02:59 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-06 11:04:37 ----D---- C:\Windows\debug
2012-03-01 18:56:15 ----D---- C:\Windows\system32\en-US
2012-02-28 18:14:26 ----RSD---- C:\Windows\Fonts
2012-02-28 13:06:17 ----D---- C:\Windows\Minidump
2012-02-24 12:05:19 ----D---- C:\Program Files\K-Lite Codec Pack
2012-02-24 08:34:55 ----D---- C:\Program Files\Java
2012-02-23 17:18:24 ----D---- C:\Windows\rescache
2012-02-23 13:49:38 ----D---- C:\Windows\ModemLogs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-23 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ltmodem5;Agere Modem Driver; C:\Windows\system32\DRIVERS\ltmdmnt.sys [2009-07-14 503296]
R3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-17 391272]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MFE_RR;MFE_RR; \??\C:\Users\Richard\AppData\Local\Temp\mfe_rr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-18 237008]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1343400]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
S4 HDUX;HDUX; C:\Users\Richard\AppData\Local\Temp\HDUX.exe []
S4 IRKLCFILCPKHOY;IRKLCFILCPKHOY; C:\Users\Richard\AppData\Local\Temp\IRKLCFILCPKHOY.exe []
S4 LJKXRGFG;LJKXRGFG; C:\Users\Richard\AppData\Local\Temp\LJKXRGFG.exe []
S4 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 615528]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S4 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

-----------------EOF-----------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-21 17:01:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD3200AAKS-00UU3A0 rev.01.03B01
Running: 27sokv9v.exe; Driver: C:\Users\Richard\AppData\Local\Temp\ufliqfow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2636] USER32.dll!GetWindowInfo 77BC4B5E 5 Bytes JMP 63F856E0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2636] ntdll.dll!LdrLoadDll 77D9223E 4 Bytes JMP 63E03690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Data Backup\Program Files\Mozilla Thunderbird\thunderbird.exe[3900] ntdll.dll!LdrLoadDll 77D9223E 5 Bytes JMP 002613BF C:\Data Backup\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 8287F9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8289F4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{F7755E87-9274-4667-A532-4E63FEDEC2CD}"?"{14E6292C-5E9A-411C-A474-385FFBFB9E91}"?"{72C007B3-5FD3-41AA-9F3A-D0110889EA6B}"?"{07A27222-A1AB-4FCD-8F2C-C6DA1F90DEA4}"?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\6To4\{72C007B3-5FD3-41AA-9F3A-D0110889EA6B}@ReusableType 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@BalloonTime 2012-02-20 22:17:15
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 248
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 500
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{72C007B3-5FD3-41AA-9F3A-D0110889EA6B}\Connection@Name 6TO4 Adapter
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\6To4\{72C007B3-5FD3-41AA-9F3A-D0110889EA6B}@InterfaceName 6TO4 Adapter
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{F7755E87-9274-4667-A532-4E63FEDEC2CD}?\Device\TCPIP6TUNNEL_{14E6292C-5E9A-411C-A474-385FFBFB9E91}?\Device\TCPIP6TUNNEL_{72C007B3-5FD3-41AA-9F3A-D0110889EA6B}?\Device\TCPIP6TUNNEL_{07A27222-A1AB-4FCD-8F2C-C6DA1F90DEA4}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{F7755E87-9274-4667-A532-4E63FEDEC2CD}?\Device\{14E6292C-5E9A-411C-A474-385FFBFB9E91}?\Device\{72C007B3-5FD3-41AA-9F3A-D0110889EA6B}?\Device\{07A27222-A1AB-4FCD-8F2C-C6DA1F90DEA4}?

---- EOF - GMER 1.0.15 ----




---- EOF - GMER 1.0.15 ----


------------------------------------------------------------------------------------------------------------------------

catchme log

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error





thanks Richo
I haven't rebooted since running rsit

Edited by boopme, 21 May 2012 - 07:29 PM.



#2 m0le

  • Malware Response Team
Posted 26 May 2012 - 08:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 richoss


Posted 26 May 2012 - 09:30 PM

G'day Mole
Yep, I have email reply ticked.
Cheers

The returned email says I'm a spammer and that I'm blocked by

barracudacentral.org

Don't worry, I didn't send them an email, as I think you have to register to get it removed.
Sounds like a trap to me.

Edited by richoss, 26 May 2012 - 10:45 PM.


#4 m0le

  • Malware Response Team

Posted 27 May 2012 - 06:32 PM

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

m0le is a proud member of UNITE

#5 richoss


Posted 29 May 2012 - 04:36 AM

Hey mole,
I did a scan on the last 360 days. Is that wrong, as the list is too long?

OTL logfile created on: 29/05/2012 19:22:36 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Richard\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.19 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 66.70% Memory free
6.37 Gb Paging File | 5.17 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 203.62 Gb Free Space | 68.33% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (All) ==========

PRC - [2012/05/29 19:21:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
PRC - [2012/05/12 20:35:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/12 20:34:59 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011/10/03 17:44:21 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Data Backup\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/06/24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/04 14:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2011/05/04 14:28:31 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
PRC - [2011/05/04 14:28:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 15:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2010/11/20 22:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010/11/20 22:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 22:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2010/11/20 22:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 22:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/11/20 22:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/14 11:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009/07/14 11:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009/07/14 11:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe


========== Modules (All) ==========

MOD - [2012/05/29 19:21:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
MOD - [2012/05/12 20:35:00 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 20:35:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
MOD - [2012/05/12 20:35:00 | 000,838,584 | ---- | M] (sqlite.org) -- C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MOD - [2012/05/12 20:35:00 | 000,588,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\gkmedias.dll
MOD - [2012/05/12 20:35:00 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\freebl3.dll
MOD - [2012/05/12 20:35:00 | 000,187,320 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nspr4.dll
MOD - [2012/05/12 20:35:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MOD - [2012/05/12 20:35:00 | 000,043,960 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozglue.dll
MOD - [2012/05/12 20:35:00 | 000,016,312 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozalloc.dll
MOD - [2012/05/12 20:34:59 | 015,743,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xul.dll
MOD - [2012/05/12 20:34:59 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/12 20:34:59 | 000,646,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nss3.dll
MOD - [2012/05/12 20:34:59 | 000,371,640 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssckbi.dll
MOD - [2012/05/12 20:34:59 | 000,170,936 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\softokn3.dll
MOD - [2012/05/12 20:34:59 | 000,158,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\ssl3.dll
MOD - [2012/05/12 20:34:59 | 000,109,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssdbm3.dll
MOD - [2012/05/12 20:34:59 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\smime3.dll
MOD - [2012/05/12 20:34:59 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssutil3.dll
MOD - [2012/05/12 20:34:59 | 000,022,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\plc4.dll
MOD - [2012/05/12 20:34:59 | 000,020,920 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\plds4.dll
MOD - [2012/05/12 20:34:59 | 000,019,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xpcom.dll
MOD - [2012/05/12 20:34:59 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
MOD - [2012/04/21 14:21:01 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
MOD - [2012/03/26 17:32:06 | 000,173,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\EppManifest.dll
MOD - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
MOD - [2012/03/26 17:01:06 | 000,610,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpClient.dll
MOD - [2012/03/26 17:01:06 | 000,067,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpOAv.dll
MOD - [2012/03/03 15:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
MOD - [2012/03/01 15:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2012/03/01 15:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2012/02/28 11:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2012/02/28 11:12:01 | 001,103,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2012/02/28 11:11:07 | 001,127,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2012/02/28 11:04:32 | 001,792,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2012/02/18 08:40:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
MOD - [2012/02/18 08:40:26 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2012/02/09 22:43:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
MOD - [2012/01/04 18:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2012/01/04 18:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2011/12/30 15:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011/12/16 17:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2011/11/17 15:38:39 | 001,288,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2011/11/17 15:34:55 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2011/11/17 15:34:52 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
MOD - [2011/11/17 15:34:52 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2011/10/03 17:44:23 | 001,833,112 | ---- | M] () -- C:\Data Backup\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2011/10/03 17:44:23 | 000,719,000 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\mozcpp19.dll
MOD - [2011/10/03 17:44:23 | 000,714,904 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\mozcrt19.dll
MOD - [2011/10/03 17:44:23 | 000,268,440 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\freebl3.dll
MOD - [2011/10/03 17:44:23 | 000,015,000 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\mozalloc.dll
MOD - [2011/10/03 17:44:22 | 000,645,272 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\nss3.dll
MOD - [2011/10/03 17:44:22 | 000,514,200 | ---- | M] (sqlite.org) -- C:\Data Backup\Program Files\Mozilla Thunderbird\mozsqlite3.dll
MOD - [2011/10/03 17:44:22 | 000,366,744 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\nssckbi.dll
MOD - [2011/10/03 17:44:22 | 000,174,232 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\nspr4.dll
MOD - [2011/10/03 17:44:22 | 000,166,040 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\softokn3.dll
MOD - [2011/10/03 17:44:22 | 000,161,944 | ---- | M] () -- C:\Data Backup\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/10/03 17:44:22 | 000,141,464 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\ssl3.dll
MOD - [2011/10/03 17:44:22 | 000,108,696 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\smime3.dll
MOD - [2011/10/03 17:44:22 | 000,104,600 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\nssdbm3.dll
MOD - [2011/10/03 17:44:22 | 000,088,216 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\nssutil3.dll
MOD - [2011/10/03 17:44:22 | 000,021,656 | ---- | M] () -- C:\Data Backup\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/10/03 17:44:22 | 000,021,144 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\plc4.dll
MOD - [2011/10/03 17:44:22 | 000,018,072 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\plds4.dll
MOD - [2011/10/03 17:44:21 | 016,574,616 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\xul.dll
MOD - [2011/10/03 17:44:21 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Data Backup\Program Files\Mozilla Thunderbird\thunderbird.exe
MOD - [2011/10/03 17:44:21 | 000,018,584 | ---- | M] (Mozilla Foundation) -- C:\Data Backup\Program Files\Mozilla Thunderbird\xpcom.dll
MOD - [2011/08/27 14:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2011/08/27 14:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2011/07/16 14:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011/07/16 14:27:30 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2011/06/16 14:33:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2011/05/19 16:26:36 | 000,196,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\sqmapi.dll
MOD - [2011/05/17 08:27:52 | 000,413,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MOD - [2011/05/04 14:34:43 | 001,549,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
MOD - [2011/05/04 14:28:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
MOD - [2011/03/11 15:33:59 | 001,164,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
MOD - [2011/03/03 15:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2011/02/19 16:30:50 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
MOD - [2011/01/20 15:21:16 | 000,511,384 | ---- | M] () -- C:\Program Files\IObit\Game Booster\sqlite3.dll
MOD - [2011/01/20 15:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
MOD - [2011/01/17 15:47:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
MOD - [2010/11/20 22:21:39 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2010/11/20 22:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2010/11/20 22:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2010/11/20 22:21:38 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2010/11/20 22:21:36 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2010/11/20 22:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010/11/20 22:21:36 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2010/11/20 22:21:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2010/11/20 22:21:36 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2010/11/20 22:21:35 | 001,063,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
MOD - [2010/11/20 22:21:35 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
MOD - [2010/11/20 22:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010/11/20 22:21:34 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2010/11/20 22:21:33 | 002,983,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
MOD - [2010/11/20 22:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2010/11/20 22:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2010/11/20 22:21:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2010/11/20 22:21:30 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2010/11/20 22:21:28 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
MOD - [2010/11/20 22:21:27 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2010/11/20 22:21:27 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2010/11/20 22:21:27 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2010/11/20 22:21:26 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2010/11/20 22:21:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2010/11/20 22:21:25 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2010/11/20 22:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010/11/20 22:21:23 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2010/11/20 22:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010/11/20 22:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010/11/20 22:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010/11/20 22:21:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2010/11/20 22:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010/11/20 22:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2010/11/20 22:21:03 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2010/11/20 22:21:03 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
MOD - [2010/11/20 22:21:00 | 001,363,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
MOD - [2010/11/20 22:21:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2010/11/20 22:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010/11/20 22:20:57 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2010/11/20 22:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll
MOD - [2010/11/20 22:20:56 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
MOD - [2010/11/20 22:20:55 | 001,750,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2010/11/20 22:20:55 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2010/11/20 22:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010/11/20 22:20:49 | 000,864,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\Ole DB\oledb32.dll
MOD - [2010/11/20 22:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2010/11/20 22:20:48 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
MOD - [2010/11/20 22:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2010/11/20 22:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2010/11/20 22:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2010/11/20 22:20:29 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2010/11/20 22:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010/11/20 22:20:27 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2010/11/20 22:20:26 | 000,747,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\unidrvui.dll
MOD - [2010/11/20 22:20:22 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\mxdwdui.dll
MOD - [2010/11/20 22:19:56 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
MOD - [2010/11/20 22:19:56 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
MOD - [2010/11/20 22:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2010/11/20 22:19:54 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2010/11/20 22:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2010/11/20 22:19:47 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
MOD - [2010/11/20 22:19:45 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2010/11/20 22:19:45 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2010/11/20 22:19:40 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
MOD - [2010/11/20 22:19:39 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2010/11/20 22:19:23 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2010/11/20 22:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010/11/20 22:19:21 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2010/11/20 22:19:10 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
MOD - [2010/11/20 22:19:05 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
MOD - [2010/11/20 22:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2010/11/20 22:19:03 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2010/11/20 22:19:03 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
MOD - [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2010/11/20 22:19:01 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2010/11/20 22:18:38 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2010/11/20 22:18:36 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
MOD - [2010/11/20 22:18:36 | 000,399,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
MOD - [2010/11/20 22:18:35 | 001,371,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
MOD - [2010/11/20 22:18:35 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
MOD - [2010/11/20 22:18:27 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2010/11/20 22:18:26 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2010/11/20 22:18:25 | 001,003,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
MOD - [2010/11/20 22:18:25 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
MOD - [2010/11/20 22:18:25 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2010/11/20 22:18:24 | 001,154,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2010/11/20 22:18:24 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2010/11/20 22:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010/11/20 22:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 22:18:06 | 000,740,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2010/11/20 22:18:05 | 001,792,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2010/11/20 22:18:05 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
MOD - [2010/11/20 22:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2010/11/20 22:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2010/11/20 22:18:01 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
MOD - [2010/11/20 22:18:01 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2010/11/20 22:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
MOD - [2010/11/20 22:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
MOD - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
MOD - [2010/11/20 22:16:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2010/11/20 22:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010/11/20 22:16:50 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2010/11/20 22:07:48 | 001,164,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/11/05 11:58:19 | 000,297,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
MOD - [2010/11/05 11:58:01 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
MOD - [2010/11/05 11:58:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcp80.dll
MOD - [2009/12/08 09:55:18 | 001,995,776 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\IObit\Game Booster\vcl120.bpl
MOD - [2009/12/08 09:55:18 | 001,095,168 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files\IObit\Game Booster\rtl120.bpl
MOD - [2009/09/15 17:20:52 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madbasic_.bpl
MOD - [2009/09/15 17:20:52 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Game Booster\maddisAsm_.bpl
MOD - [2009/09/15 17:20:46 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madexcept_.bpl
MOD - [2009/07/14 11:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcryptprimitives.dll
MOD - [2009/07/14 11:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/14 11:16:21 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWanAPI.dll
MOD - [2009/07/14 11:16:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwapi.dll
MOD - [2009/07/14 11:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
MOD - [2009/07/14 11:16:20 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscinterop.dll
MOD - [2009/07/14 11:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009/07/14 11:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2009/07/14 11:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2009/07/14 11:16:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/07/14 11:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2009/07/14 11:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
MOD - [2009/07/14 11:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2009/07/14 11:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2009/07/14 11:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2009/07/14 11:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll
MOD - [2009/07/14 11:16:18 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll
MOD - [2009/07/14 11:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009/07/14 11:16:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2009/07/14 11:16:17 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
MOD - [2009/07/14 11:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009/07/14 11:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/07/14 11:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/07/14 11:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009/07/14 11:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/14 11:16:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll
MOD - [2009/07/14 11:16:15 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapi32.dll
MOD - [2009/07/14 11:16:15 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Syncreg.dll
MOD - [2009/07/14 11:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009/07/14 11:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 11:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009/07/14 11:16:12 | 000,772,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
MOD - [2009/07/14 11:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
MOD - [2009/07/14 11:16:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2009/07/14 11:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009/07/14 11:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
MOD - [2009/07/14 11:16:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
MOD - [2009/07/14 11:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
MOD - [2009/07/14 11:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll
MOD - [2009/07/14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 11:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2009/07/14 11:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009/07/14 11:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009/07/14 11:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2009/07/14 11:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2009/07/14 11:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2009/07/14 11:16:05 | 004,888,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
MOD - [2009/07/14 11:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll
MOD - [2009/07/14 11:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2009/07/14 11:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll
MOD - [2009/07/14 11:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009/07/14 11:15:47 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
MOD - [2009/07/14 11:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2009/07/14 11:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2009/07/14 11:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009/07/14 11:15:43 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
MOD - [2009/07/14 11:15:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
MOD - [2009/07/14 11:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
MOD - [2009/07/14 11:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009/07/14 11:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2009/07/14 11:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
MOD - [2009/07/14 11:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009/07/14 11:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2009/07/14 11:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2009/07/14 11:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
MOD - [2009/07/14 11:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009/07/14 11:15:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcproviders.dll
MOD - [2009/07/14 11:15:24 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2009/07/14 11:15:22 | 000,848,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSST.dll
MOD - [2009/07/14 11:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2009/07/14 11:15:21 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSAPI.dll
MOD - [2009/07/14 11:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
MOD - [2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2009/07/14 11:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/14 11:15:14 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2009/07/14 11:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dui70.dll
MOD - [2009/07/14 11:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2009/07/14 11:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2009/07/14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 11:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsrole.dll
MOD - [2009/07/14 11:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 11:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2009/07/14 11:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devrtl.dll
MOD - [2009/07/14 11:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2009/07/14 11:15:11 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
MOD - [2009/07/14 11:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009/07/14 11:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
MOD - [2009/07/14 11:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
MOD - [2009/07/14 11:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009/07/14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 11:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009/07/14 11:14:59 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2009/07/14 11:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2009/07/14 11:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009/07/14 11:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2009/07/14 11:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 11:14:09 | 001,140,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
MOD - [2009/07/14 11:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
MOD - [2009/07/14 11:09:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
MOD - [2009/07/14 11:09:14 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll
MOD - [2009/07/14 11:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll
MOD - [2009/07/14 11:08:30 | 002,628,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
MOD - [2009/07/14 11:05:30 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSRESM.dll


========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Users\Richard\AppData\Local\Temp\LJKXRGFG.exe -- (LJKXRGFG)
SRV - File not found [Disabled | Stopped] -- C:\Users\Richard\AppData\Local\Temp\IRKLCFILCPKHOY.exe -- (IRKLCFILCPKHOY)
SRV - File not found [Disabled | Stopped] -- C:\Users\Richard\AppData\Local\Temp\HDUX.exe -- (HDUX)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/02/07 13:26:16 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2012/02/07 13:26:16 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2012/01/21 11:38:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (VaultSvc)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (EFS)
SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/18 00:33:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/24 20:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/21 05:01:00 | 000,615,528 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2011/05/04 14:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2011/02/19 16:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/11/20 22:21:40 | 001,914,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 22:21:40 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2010/11/20 22:21:39 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM)
SRV - [2010/11/20 22:21:37 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2010/11/20 22:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/20 22:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2010/11/20 22:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 22:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 22:21:35 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 22:21:35 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2010/11/20 22:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 22:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2010/11/20 22:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:21:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2010/11/20 22:21:27 | 001,159,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2010/11/20 22:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 22:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 22:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:21:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2010/11/20 22:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2010/11/20 22:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 22:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 22:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 22:20:57 | 000,330,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2010/11/20 22:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 22:20:57 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 22:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2010/11/20 22:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2010/11/20 22:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 22:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/11/20 22:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 22:19:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2010/11/20 22:19:23 | 000,499,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2010/11/20 22:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2010/11/20 22:19:21 | 000,674,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2010/11/20 22:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2010/11/20 22:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2010/11/20 22:18:34 | 000,144,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2010/11/20 22:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 22:18:12 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2010/11/20 22:18:12 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2010/11/20 22:18:09 | 000,102,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2010/11/20 22:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2010/11/20 22:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2010/11/20 22:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 22:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 22:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2010/11/20 22:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/11/20 22:17:52 | 001,203,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbengine.exe -- (wbengine)
SRV - [2010/11/20 22:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 22:17:49 | 000,453,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2010/11/20 22:17:48 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 22:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2010/11/20 22:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/20 22:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:17:11 | 000,523,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2010/11/20 22:17:07 | 000,556,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/05 11:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/11/05 11:52:36 | 000,878,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/07/14 11:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/14 11:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/07/14 11:16:18 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/07/14 11:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/14 11:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/14 11:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/07/14 11:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2009/07/14 11:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/14 11:16:17 | 000,288,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2009/07/14 11:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2009/07/14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 11:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/07/14 11:16:16 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 11:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 11:16:15 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2009/07/14 11:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2009/07/14 11:16:15 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2009/07/14 11:16:13 | 000,132,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/07/14 11:16:13 | 000,112,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/07/14 11:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2009/07/14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/07/14 11:16:12 | 000,327,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 11:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009/07/14 11:16:12 | 000,154,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2009/07/14 11:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 11:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/07/14 11:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 11:15:43 | 000,308,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 11:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/14 11:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2009/07/14 11:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 11:15:36 | 000,189,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2009/07/14 11:15:36 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2009/07/14 11:15:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/14 11:15:33 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2009/07/14 11:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 11:15:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2009/07/14 11:15:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/07/14 11:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 11:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV - [2009/07/14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 11:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 11:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/07/14 11:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2009/07/14 11:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2009/07/14 11:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2009/07/14 11:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator)
SRV - [2009/07/14 11:14:19 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/14 11:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2009/07/14 11:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/11 07:14:51 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Richard\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
DRV - [2012/03/30 20:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2012/03/30 20:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2012/03/20 20:44:12 | 000,171,064 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/17 17:27:18 | 000,056,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/03/01 15:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2012/02/17 14:14:08 | 000,183,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/02/17 14:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/17 15:41:52 | 000,067,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2011/11/17 15:41:51 | 000,134,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2011/11/17 15:39:24 | 000,369,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/09 12:30:00 | 000,223,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/05/17 06:55:28 | 000,391,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2011/04/29 12:46:33 | 000,311,808 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/04/29 12:46:15 | 000,310,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 12:46:10 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/27 12:17:28 | 000,096,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/27 12:17:22 | 000,123,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/25 12:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2011/03/25 12:58:37 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2011/03/25 12:58:06 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2011/03/25 12:57:58 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2011/03/25 12:57:58 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2011/03/25 12:57:56 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2011/03/11 15:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2011/03/11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/11 15:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/11 15:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/11 15:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/03/11 14:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2011/02/23 14:47:33 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2010/11/20 22:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2010/11/20 22:30:16 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/11/20 22:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 22:30:12 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2010/11/20 22:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 22:30:10 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2010/11/20 22:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2010/11/20 22:30:06 | 000,153,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2010/11/20 22:30:05 | 000,233,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2010/11/20 22:30:04 | 000,116,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2010/11/20 22:30:01 | 000,130,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2010/11/20 22:30:01 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2010/11/20 22:30:00 | 000,078,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2010/11/20 22:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 22:29:47 | 000,728,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010/11/20 22:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2010/11/20 22:24:30 | 000,194,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:22:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2010/11/20 20:22:19 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010/11/20 20:21:10 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2010/11/20 20:07:50 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2010/11/20 20:07:45 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2010/11/20 20:07:45 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2010/11/20 20:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/11/20 20:07:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2010/11/20 20:06:41 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2010/11/20 20:06:36 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2010/11/20 20:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 20:00:24 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2010/11/20 20:00:21 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:59:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2010/11/20 19:59:29 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2010/11/20 19:59:20 | 000,132,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2010/11/20 19:58:59 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2010/11/20 19:50:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2010/11/20 19:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 19:50:10 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010/11/20 19:29:49 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2010/11/20 19:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 19:19:15 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2010/11/20 18:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/20 18:44:05 | 000,242,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2010/11/20 18:42:43 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2010/11/20 18:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/11/20 18:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/11/20 18:40:21 | 000,513,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/11/20 18:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2010/11/20 18:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/11/20 18:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/07/14 11:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2009/07/14 11:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2009/07/14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2009/07/14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2009/07/14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/07/14 11:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/07/14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/14 11:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/07/14 11:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/14 11:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2009/07/14 11:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/07/14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 11:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/14 11:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/14 11:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 11:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2009/07/14 11:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2009/07/14 11:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2009/07/14 11:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 11:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/14 11:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2009/07/14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 11:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/14 11:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (Disk)
DRV - [2009/07/14 11:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 11:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2009/07/14 11:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/14 11:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/14 11:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2009/07/14 11:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2009/07/14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/14 11:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2009/07/14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2009/07/14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stexstor.sys -- (stexstor)
DRV - [2009/07/14 11:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2009/07/14 11:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2009/07/14 11:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 10:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2009/07/14 10:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 10:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/14 09:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/14 09:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 09:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/07/14 09:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/14 09:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2009/07/14 09:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/14 09:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/14 09:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2009/07/14 09:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/14 09:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/14 09:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009/07/14 09:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/14 09:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/14 09:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 09:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/07/14 09:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/14 09:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/14 09:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/14 09:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 09:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 09:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/14 09:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2009/07/14 09:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV - [2009/07/14 09:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2009/07/14 09:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2009/07/14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 09:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2009/07/14 09:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/07/14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 09:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/14 09:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2009/07/14 09:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/14 09:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2009/07/14 09:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2009/07/14 09:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2009/07/14 09:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 09:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2009/07/14 09:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2009/07/14 09:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009/07/14 09:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2009/07/14 09:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/14 09:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/14 09:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/14 09:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/14 09:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/14 09:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/14 09:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/14 09:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/14 09:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 09:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/14 09:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2009/07/14 09:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2009/07/14 09:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/14 09:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/14 09:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/14 09:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/14 09:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/07/14 09:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/07/14 09:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/14 09:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/14 09:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/14 09:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/14 09:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/14 09:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/14 09:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2009/07/14 09:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 09:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 08:13:46 | 000,503,296 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2009/07/14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/14 07:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2009/07/14 06:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1FA7F7-2B7A-407F-9DD7-BC7344C1A9CC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {1253D21B-263B-1843-275C-1726DA8B2A12}:4.20.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - prefs.js..keyword.URL: "http://badoo.com/startpage/?source=bsb&q="

FF - user.js..browser.search.defaultenginename: "Search"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.startup.homepage: "about:home"
FF - user.js..extensions.enabledItems: {1253D21B-263B-1843-275C-1726DA8B2A12}:4.20.2
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - user.js..keyword.URL: "http://badoo.com/startpage/?source=bsb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@itstructures.com/ffactivex: C:\Program Files\Firefox ActiveX Plugin\npffax.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/12 20:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/06 14:27:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Data Backup\Program Files\DAP\DAPFireFox [2012/01/27 16:59:01 | 000,000,000 | ---D | M]

[2012/01/25 10:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2012/01/25 10:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/05/19 13:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\extensions
[2012/05/19 13:41:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/02/20 08:43:38 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/05/18 09:03:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/18 23:07:47 | 000,002,023 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\ev2l3e8j.default\searchplugins\badoo.xml
[2012/02/25 10:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/12 20:35:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/27 19:58:54 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RICHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EV2L3E8J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/24 17:23:01 | 000,337,161 | ---- | M] () (No name found) -- C:\USERS\RICHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EV2L3E8J.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2012/03/01 17:19:03 | 000,325,600 | ---- | M] () (No name found) -- C:\USERS\RICHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EV2L3E8J.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/05/12 20:35:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2012/02/16 20:42:53 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/02/16 20:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 20:42:53 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/05/12 20:34:59 | 000,003,413 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/02/16 20:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/16 20:42:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/02/16 20:42:53 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2012/05/27 19:02:33 | 000,445,061 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15295 more lines...
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Data Backup\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Data Backup\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Data Backup\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976EC0EC-B30B-4C41-9EB1-2C8C856DE54C}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within (All) ==========

[2012/05/29 19:09:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2012/05/27 14:51:32 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
[2012/05/27 14:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
[2012/05/27 14:51:31 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
[2012/05/27 14:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2012/05/26 20:04:16 | 000,126,464 | ---- | C] (www.madshi.net) -- C:\Windows\System32\madCHook.dll
[2012/05/26 20:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyMe Tools
[2012/05/26 20:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpyMe Tools
[2012/05/23 14:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2012/05/22 21:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/22 10:39:35 | 000,000,000 | ---D | C] -- C:\Archive
[2012/05/22 10:38:12 | 000,000,000 | ---D | C] -- C:\201205221038121335247992
[2012/05/22 08:42:45 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\RootRepeal(1)
[2012/05/22 08:36:26 | 000,000,000 | ---D | C] -- C:\rsit
[2012/05/21 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/05/21 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/05/21 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/05/21 21:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/05/21 21:05:31 | 000,000,000 | ---D | C] -- C:\SDFix
[2012/05/21 12:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/21 10:25:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012/05/21 10:22:47 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD
[2012/05/21 10:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2012/05/19 19:25:37 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Comodo
[2012/05/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Camtech
[2012/05/19 18:09:02 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\tdsskiller(1)
[2012/05/19 17:47:23 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\RootRepeal
[2012/05/19 16:02:00 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Philipp Winterberg
[2012/05/19 16:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2012/05/19 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2012/05/19 14:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/19 14:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/18 18:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/05/18 18:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/05/18 17:52:24 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/05/17 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Identum
[2012/05/17 21:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/05 13:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2012/05/05 13:13:44 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple Computer
[2012/04/29 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/04/25 18:18:44 | 000,000,000 | ---D | C] -- C:\Plugins
[2012/04/25 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\IObit
[2012/04/25 18:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2012/04/25 15:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\PC Doc Pro v5
[2012/04/21 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/04/06 19:18:58 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\TempDIR
[2012/04/06 18:13:32 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Unity
[2012/04/06 18:12:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2012/03/24 19:32:56 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Brice_Lambson
[2012/03/22 12:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
[2012/03/22 12:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer for Windows
[2012/03/22 12:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/03/22 12:07:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/03/05 21:44:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/03/01 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/02/28 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/28 16:08:27 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/28 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/24 16:00:08 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.9fe5.deleteme
[2012/02/24 15:40:59 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/02/24 15:40:42 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.d6dc.deleteme
[2012/02/24 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/02/24 12:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/02/24 12:04:46 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2012/02/24 12:04:43 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/02/22 19:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/22 08:43:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\firefox backups
[2012/02/21 19:15:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\KillProcess
[2012/02/21 19:13:57 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\KillProcess Kill Lists
[2012/02/21 19:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\KillProcess
[2012/02/21 14:49:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/21 11:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/18 23:15:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/02/18 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/18 23:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/18 22:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012/02/18 22:18:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Secunia PSI
[2012/02/18 22:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/02/18 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\Richard\SecurityScans
[2012/02/18 12:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/02/14 18:48:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/14 17:38:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/14 14:31:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/02/14 14:30:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/02/14 14:27:53 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012/02/13 21:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/02/13 21:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/13 21:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ken Ward's Zipper
[2012/02/13 21:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ken Ward's Zipper
[2012/02/13 14:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 14:54:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/13 14:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/09 22:43:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/09 10:35:02 | 000,000,000 | ---D | C] -- C:\not sharing
[2012/02/09 10:04:38 | 000,000,000 | R--D | C] -- C:\sharing
[2012/02/08 21:45:47 | 000,000,000 | ---D | C] -- C:\Users\Richard\Incomplete
[2012/02/08 21:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2012/02/08 20:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\SSPRO
[2012/02/08 20:16:29 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SinkSub Pro
[2012/02/07 19:34:41 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\SumatraPDF
[2012/02/07 19:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2012/02/07 19:29:17 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\jobs
[2012/02/07 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Google
[2012/02/07 13:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/06 19:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox ActiveX Plugin
[2012/02/01 19:06:38 | 000,000,000 | R--D | C] -- C:\Users\Richard\Documents\Scanned Documents
[2012/02/01 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Fax
[2012/02/01 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/01 15:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/02/01 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/01 15:51:07 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple
[2012/02/01 15:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/02/01 15:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/02/01 15:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxreal
[2012/02/01 15:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Foxreal
[2012/02/01 15:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012/02/01 15:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2012/02/01 15:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/02/01 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/02/01 15:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\ABCPix
[2012/02/01 15:45:23 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIcodec
[2012/02/01 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIcodec
[2012/02/01 15:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVIcodec
[2012/02/01 15:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
[2012/01/31 19:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/31 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/30 16:39:22 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Freecorder
[2012/01/30 16:39:22 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\FLVService
[2012/01/30 16:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[2012/01/30 16:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2012/01/30 12:12:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/01/30 12:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/30 11:32:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2012/01/30 11:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2012/01/30 11:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Movie Player
[2012/01/29 19:01:01 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\qld fishing
[2012/01/29 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\XnView
[2012/01/29 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Fusion8Design
[2012/01/29 11:14:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\System Restore
[2012/01/29 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screenshot Studio
[2012/01/29 11:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screenshot Studio
[2012/01/29 11:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Screenshot Studio
[2012/01/29 10:53:23 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\programs and how to use em
[2012/01/28 20:09:22 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\nrl
[2012/01/28 20:08:18 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\dogs
[2012/01/28 17:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/27 16:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/27 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\My DAP Downloads
[2012/01/27 16:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/27 16:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/01/27 16:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
[2012/01/27 16:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/01/27 16:58:51 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2012/01/27 16:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/01/27 16:57:46 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Adobe
[2012/01/27 15:44:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/01/27 11:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/27 11:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/01/27 11:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/01/25 11:52:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Media Player Classic
[2012/01/25 11:48:46 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Anti-Malware
[2012/01/25 11:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/01/25 11:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2012/01/25 11:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/01/25 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/25 11:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetFLV
[2012/01/25 11:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\GetFLV
[2012/01/25 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Desktop
[2012/01/25 11:06:14 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Shared
[2012/01/25 10:51:51 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Incomplete
[2012/01/25 10:31:02 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\favs
[2012/01/22 10:35:11 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Shareaza
[2012/01/22 10:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012/01/22 10:22:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Shareaza
[2012/01/22 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
[2012/01/22 10:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2012/01/22 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\MP3Rocket
[2012/01/22 10:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Rocket
[2012/01/22 10:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/22 10:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/01/22 10:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/22 10:07:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\old bleep
[2012/01/22 10:04:17 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2012/01/22 10:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/22 05:16:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/01/22 05:06:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/01/21 22:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/21 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Macromedia
[2012/01/21 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Adobe
[2012/01/21 21:13:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/01/21 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\ProgSense
[2012/01/21 20:27:58 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/01/21 20:27:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Orbit
[2012/01/21 20:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/21 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Mozilla
[2012/01/21 14:48:04 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Mozilla
[2012/01/21 14:48:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Thunderbird
[2012/01/21 14:48:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Thunderbird
[2012/01/21 14:45:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Auslogics
[2012/01/21 14:38:07 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apps
[2012/01/21 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\ElevatedDiagnostics
[2012/01/21 13:03:42 | 000,000,000 | ---D | C] -- C:\Data Backup
[2012/01/21 11:39:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/01/21 11:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/01/21 10:39:36 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/01/21 10:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/21 10:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/01/21 10:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/21 10:37:06 | 000,391,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2012/01/21 10:37:05 | 000,000,000 | ---D | C] -- C:\Drivers
[2012/01/21 10:37:00 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\AIDA64 Reports
[2012/01/21 10:36:54 | 000,506,368 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2012/01/21 10:23:44 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/21 10:23:44 | 000,000,000 | R--D | C] -- C:\Users\Richard\Searches
[2012/01/21 10:23:44 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/21 10:23:44 | 000,000,000 | -H-D | C] -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/01/21 10:23:34 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Identities
[2012/01/21 10:23:33 | 000,000,000 | R--D | C] -- C:\Users\Richard\Contacts
[2012/01/21 10:23:25 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\VirtualStore
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\Temporary Internet Files
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Templates
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Start Menu
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\SendTo
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Recent
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\PrintHood
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\NetHood
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Videos
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Pictures
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Music
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\My Documents
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Local Settings
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\History
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Cookies
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Application Data
[2012/01/21 10:23:23 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\Application Data
[2012/01/21 10:23:21 | 000,000,000 | --SD | C] -- C:\Users\Richard\AppData\Roaming\Microsoft
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Videos
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Saved Games
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Pictures
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Music
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Links
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Favorites
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Downloads
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Documents
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\Desktop
[2012/01/21 10:23:21 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/21 10:23:21 | 000,000,000 | -H-D | C] -- C:\Users\Richard\AppData
[2012/01/21 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Temp
[2012/01/21 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Microsoft
[2012/01/21 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Media Center Programs
[2012/01/21 10:23:00 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/01/21 10:20:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/01/21 10:18:03 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/07/14 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2009/07/14 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\winrm
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCN
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\slmgr
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\UMDF\en-US
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\en-US
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\en
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\DigitalLocker
[2009/07/14 14:56:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\0409
[2009/07/14 14:56:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Printing_Admin_Scripts
[2009/07/14 14:55:09 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\en-US\pscr.sys.mui
[2009/07/14 14:55:07 | 000,032,256 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\en-US\yk62x86.sys.mui
[2009/07/14 14:54:41 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
[2009/07/14 14:54:41 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
[2009/07/14 14:54:41 | 000,009,728 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\en-US\ltmdmnt.sys.mui
[2009/07/14 14:54:41 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
[2009/07/14 14:53:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2009/07/14 14:53:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2009/07/14 14:53:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2009/07/14 14:53:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WinBioPlugIns
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WinBioDatabase
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\twain_32
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\restore
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\Performance
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\Offline Web Pages
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\FxsTmp
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\diagnostics
[2009/07/14 14:52:30 | 000,000,000 | ---D | C] -- C:\Windows\addins
[2009/07/14 14:34:21 | 000,000,000 | ---D | C] -- C:\Windows\debug
[2009/07/14 14:34:16 | 000,000,000 | ---D | C] -- C:\Windows\Setup
[2009/07/14 14:34:13 | 000,000,000 | ---D | C] -- C:\Windows\ServiceProfiles
[2009/07/14 14:34:06 | 000,000,000 | --SD | C] -- C:\Windows\System32\Microsoft
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-TW
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-HK
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CN
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\winsxs
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\winevt
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\wfp
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Web
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\wdi
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\wbem
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Vss
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\uk-UA
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\tr-TR
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\tracing
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\th-TH
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\Tasks
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Tasks
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\TAPI
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sysprep
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sv-SE
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sr-Latn-CS
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sppui
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\spp
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\spool
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Speech
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\SMI
[2009/07/14 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\sl-SI
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\UMDF
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\sk-SK
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Setup
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ru-RU
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ro-RO
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Recovery
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ras
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-PT
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-BR
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\pl-PL
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\oobe
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\nl-NL
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\NetworkList
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\NDF
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\nb-NO
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\MUI
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Msdtc
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\migwiz
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\migration
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\manifeststore
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\lv-LV
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\lt-LT
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\LogFiles
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ko-KR
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ja-JP
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\it-IT
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\inetsrv
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\IME
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\icsxml
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ias
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\hu-HU
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\hr-HR
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\he-IL
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\GroupPolicyUsers
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\GroupPolicy
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\fr-FR
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\fi-FI
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\et-EE
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\etc
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-ES
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\en-US
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\el-GR
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\DriverStore
[2009/07/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\system
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Speech
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\servicing
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\security
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\schemas
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\SchCache
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Resources
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\PolicyDefinitions
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\PLA
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\ModemLogs
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft.NET
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Dism
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\de-DE
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\da-DK
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\cs-CZ
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\config
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\com
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\CodeIntegrity
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Boot
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\bg-BG
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ar-SA
[2009/07/14 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\AdvancedInstallers
[2009/07/14 12:37:06 | 000,000,000 | R-SD | C] -- C:\Windows\Media
[2009/07/14 12:37:06 | 000,000,000 | R-SD | C] -- C:\Windows\Fonts
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\LiveKernelReports
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\L2Schemas
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\inf
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\IME
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Help
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Globalization
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Cursors
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Branding
[2009/07/14 12:37:06 | 000,000,000 | ---D | C] -- C:\Windows\Boot
[2009/07/14 12:37:05 | 000,000,000 | R-SD | C] -- C:\Windows\assembly
[2009/07/14 12:37:05 | 000,000,000 | R--D | C] -- C:\Users
[2009/07/14 12:37:05 | 000,000,000 | R--D | C] -- C:\Program Files
[2009/07/14 12:37:05 | 000,000,000 | -H-D | C] -- C:\ProgramData
[2009/07/14 12:37:05 | 000,000,000 | ---D | C] -- C:\Windows
[2009/07/14 12:37:05 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2009/07/14 12:37:05 | 000,000,000 | ---D | C] -- C:\Windows\AppPatch
[2009/07/14 12:37:05 | 000,000,000 | ---D | C] -- C:\Windows\AppCompat
[2009/07/14 12:36:15 | 000,000,000 | -HSD | C] -- C:\$Recycle.Bin
[2009/07/14 10:59:16 | 000,013,568 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2009/07/14 10:59:14 | 000,017,408 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\brcoinst.dll
[2009/07/14 10:59:02 | 000,062,336 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2009/07/14 10:58:59 | 000,005,248 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/07/14 10:58:35 | 000,011,904 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2009/07/14 10:58:27 | 000,012,160 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2009/07/14 10:57:25 | 000,272,128 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2009/07/14 09:45:33 | 000,083,456 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2009/07/14 08:54:14 | 000,026,624 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw85cir.sys
[2009/07/14 08:13:46 | 000,503,296 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\ltmdmnt.sys
[2009/07/14 08:09:19 | 000,095,824 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_fc.sys
[2009/07/14 08:09:18 | 000,096,848 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2009/07/14 08:09:18 | 000,089,168 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas.sys
[2009/07/14 08:09:18 | 000,077,888 | ---- | C] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/07/14 08:09:18 | 000,054,864 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas2.sys
[2009/07/14 08:09:17 | 000,235,584 | ---- | C] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys
[2009/07/14 08:09:17 | 000,086,608 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2009/07/14 08:09:17 | 000,076,368 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2009/07/14 08:09:16 | 000,297,552 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2009/07/14 08:09:16 | 000,146,512 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/06/11 07:20:26 | 000,070,720 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2009/06/11 07:20:03 | 000,159,312 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\amdsbs.sys
[2009/06/11 07:19:35 | 000,030,800 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2009/06/11 07:19:19 | 000,453,712 | ---- | C] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/06/11 07:19:05 | 000,422,976 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within (All) ==========

[2012/05/29 19:23:00 | 007,340,032 | ---- | M] () -- C:\Users\Richard\NTUSER.DAT
[2012/05/29 19:21:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2012/05/29 19:04:09 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 19:04:09 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 19:01:20 | 000,729,688 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/05/29 19:01:20 | 000,630,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/29 19:01:20 | 000,111,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/29 18:57:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/29 18:56:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/05/29 18:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/29 18:56:48 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 21:19:24 | 003,306,357 | -H-- | M] () -- C:\Users\Richard\AppData\Local\IconCache.db
[2012/05/27 21:14:35 | 000,000,708 | ---- | M] () -- C:\Windows\SSPRO.INI
[2012/05/27 20:58:46 | 000,007,658 | ---- | M] () -- C:\Users\Richard\AppData\Local\resmon.resmoncfg
[2012/05/27 20:48:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/27 19:02:33 | 000,445,061 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/27 14:51:32 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\MyDefrag.lnk
[2012/05/26 20:40:22 | 000,445,061 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120527-190233.backup
[2012/05/24 16:39:34 | 000,035,328 | ---- | M] () -- C:\Users\Richard\Desktop\RJS RESUME NEW May word
[2012/05/23 14:53:25 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012/05/21 21:35:20 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/05/21 21:26:55 | 000,445,061 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120526-204022.backup
[2012/05/21 10:46:51 | 000,147,456 | ---- | M] () -- C:\Users\Richard\Desktop\catchme.exe
[2012/05/21 10:33:59 | 000,089,088 | ---- | M] () -- C:\Users\Richard\Desktop\mbr.exe
[2012/05/21 10:23:01 | 000,000,044 | ---- | M] () -- C:\Windows\System32\msssc.dll
[2012/05/19 17:24:48 | 000,000,691 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2012/05/19 17:24:48 | 000,000,035 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2012/05/19 17:24:43 | 000,444,935 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120521-212655.backup
[2012/05/19 16:01:56 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2012/05/19 14:51:13 | 000,000,512 | ---- | M] () -- C:\Users\Richard\Documents\MBR.dat
[2012/05/18 17:22:48 | 000,001,250 | ---- | M] () -- C:\Users\Richard\Desktop\Spybot - Search & Destroy.lnk
[2012/05/17 21:40:54 | 002,107,843 | ---- | M] () -- C:\Users\Richard\Desktop\tdsskiller(1).zip
[2012/05/17 16:41:02 | 000,236,346 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0894.JPG
[2012/05/17 16:40:50 | 000,212,738 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0896.JPG
[2012/05/17 16:40:42 | 000,233,523 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0897.JPG
[2012/05/15 19:08:43 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 19:02:00 | 000,231,349 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0893.JPG
[2012/05/11 19:01:59 | 000,263,794 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0892.JPG
[2012/05/11 19:01:59 | 000,232,902 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0891.JPG
[2012/04/29 13:13:50 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/04/29 13:13:50 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/04/26 19:34:33 | 000,444,989 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120517-162325.backup
[2012/04/26 18:23:56 | 001,008,141 | ---- | M] () -- C:\Users\Richard\Desktop\rkill(1).exe
[2012/04/26 17:59:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/25 18:18:42 | 000,000,893 | ---- | M] () -- C:\Users\Richard\Desktop\GetFLV.lnk
[2012/04/22 15:47:58 | 000,444,891 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120426-193433.backup
[2012/04/22 15:00:49 | 000,444,891 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120422-154758.backup
[2012/04/21 18:34:33 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/04/21 18:34:33 | 000,001,254 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/04/21 17:14:19 | 000,444,808 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120422-150049.backup
[2012/04/17 20:10:47 | 000,444,808 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120421-171419.backup
[2012/04/06 18:12:48 | 000,001,932 | ---- | M] () -- C:\Users\Richard\Desktop\MP3 Rocket 6.1.2.lnk
[2012/04/06 18:12:48 | 000,001,084 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.1.2.lnk
[2012/04/06 13:54:38 | 000,444,263 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120417-201047.backup
[2012/04/06 13:54:30 | 000,444,263 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120406-135438.backup
[2012/04/05 16:34:40 | 000,027,882 | ---- | M] () -- C:\Users\Richard\Desktop\RJS RESUME 2012 before hunter
[2012/04/02 19:22:10 | 000,443,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120406-135430.backup
[2012/03/30 17:23:31 | 000,001,008 | ---- | M] () -- C:\Users\Richard\Desktop\Flash Movie Player.lnk
[2012/03/30 16:02:01 | 000,000,115 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/27 19:25:19 | 000,107,862 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0363 (Small).JPG
[2012/03/24 19:33:59 | 000,130,367 | ---- | M] () -- C:\Users\Richard\Desktop\bike (Small).JPG
[2012/03/24 14:47:03 | 000,443,548 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120402-192210.backup
[2012/03/13 15:44:10 | 000,443,614 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120324-154703.backup
[2012/03/07 13:16:00 | 000,000,498 | ---- | M] () -- C:\Users\Richard\Desktop\tpg - Shortcut.lnk
[2012/02/29 18:46:07 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Foxreal YouTube FLV Downloader.lnk
[2012/02/28 16:08:27 | 000,001,965 | ---- | M] () -- C:\Users\Richard\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/25 11:13:25 | 000,443,554 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120313-164410.backup
[2012/02/25 10:59:42 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/24 16:16:56 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/02/24 16:00:06 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.9fe5.deleteme
[2012/02/24 15:40:41 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.d6dc.deleteme
[2012/02/23 14:24:52 | 000,021,848 | ---- | M] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/02/22 19:59:41 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/22 09:17:20 | 000,071,950 | ---- | M] () -- C:\Users\Richard\Documents\gmer log 21.2.12
[2012/02/21 19:13:58 | 000,001,005 | ---- | M] () -- C:\Users\Richard\Desktop\KillProcess.lnk
[2012/02/18 23:05:46 | 000,443,485 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-121325.backup
[2012/02/18 11:14:12 | 000,001,411 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/18 08:40:26 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/17 16:03:08 | 001,143,711 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0363.JPG
[2012/02/17 16:01:23 | 000,197,748 | ---- | M] () -- C:\Users\Richard\Desktop\IMG_0865.JPG
[2012/02/17 15:58:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/16 04:00:00 | 000,079,360 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/15 09:41:17 | 000,302,592 | ---- | M] () -- C:\Users\Richard\Desktop\27sokv9v.exe
[2012/02/13 22:23:13 | 000,443,485 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120219-000546.backup
[2012/02/13 21:42:30 | 000,001,041 | ---- | M] () -- C:\Users\Richard\Desktop\SpywareBlaster.lnk
[2012/02/13 21:40:26 | 000,000,938 | ---- | M] () -- C:\Users\Richard\Desktop\Ken Ward's Zipper.lnk
[2012/02/13 14:54:25 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 22:43:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/09 22:43:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/08 21:28:13 | 000,005,632 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 18:49:24 | 000,443,325 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120213-232313.backup
[2012/02/06 19:53:58 | 000,249,971 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120208-194924.backup
[2012/02/06 19:39:41 | 000,249,971 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120206-205358.backup
[2012/02/01 15:50:04 | 000,001,751 | ---- | M] () -- C:\Users\Richard\Desktop\XnView.lnk
[2012/02/01 15:47:01 | 000,001,208 | ---- | M] () -- C:\Users\Richard\Desktop\Auslogics Disk Defrag.lnk
[2012/02/01 15:02:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/01/31 19:32:20 | 000,249,971 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120206-203941.backup
[2012/01/30 15:40:08 | 000,000,852 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/01/29 12:51:54 | 000,001,931 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Screenshot Studio.lnk
[2012/01/29 12:51:53 | 000,001,907 | ---- | M] () -- C:\Users\Richard\Desktop\Screenshot Studio.lnk
[2012/01/27 16:58:52 | 000,109,216 | ---- | M] () -- C:\Windows\System32\EasyHook64.dll
[2012/01/27 16:58:52 | 000,084,480 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
[2012/01/27 16:58:51 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2012/01/25 11:43:27 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012/01/25 11:43:26 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2012/01/22 10:22:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/22 10:22:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/01/22 10:22:16 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Shareaza.lnk
[2012/01/21 19:54:59 | 000,001,429 | ---- | M] () -- C:\Users\Richard\Desktop\thunderbird - Shortcut.lnk
[2012/01/21 10:40:01 | 000,057,560 | ---- | M] () -- C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/01/21 10:37:00 | 000,004,978 | ---- | M] () -- C:\Windows\EasyDrv5_20120121_113647.ed5log
[2012/01/21 10:32:19 | 000,001,568 | ---- | M] () -- C:\Users\Richard\Desktop\Data Backup.lnk
[2012/01/21 10:30:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/21 10:27:03 | 000,524,288 | -HS- | M] () -- C:\Users\Richard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012/01/21 10:27:03 | 000,524,288 | -HS- | M] () -- C:\Users\Richard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012/01/21 10:27:03 | 000,065,536 | -HS- | M] () -- C:\Users\Richard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012/01/21 10:23:23 | 000,000,020 | -HS- | M] () -- C:\Users\Richard\ntuser.ini
[2012/01/21 10:20:29 | 000,039,252 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/01/13 13:08:32 | 004,025,034 | ---- | M] () -- C:\Users\Richard\Desktop\SuperGameHouseBlackjack.exe
[2011/12/22 04:14:02 | 000,151,552 | ---- | M] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011/12/14 11:30:46 | 000,238,953 | ---- | M] () -- C:\Users\Richard\Desktop\bike.JPG
[2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/25 01:44:30 | 000,243,200 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/25 01:28:22 | 000,650,752 | ---- | M] () -- C:\Windows\System32\xvidcore.dll
[2011/05/17 06:55:28 | 000,391,272 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2011/05/17 06:55:28 | 000,080,416 | ---- | M] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/02 21:43:46 | 000,175,616 | ---- | M] () -- C:\Windows\System32\unrar.dll
[2010/11/20 22:19:02 | 000,093,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2010/11/20 15:23:54 | 000,053,600 | ---- | M] () -- C:\Windows\System32\dosx.exe
[2010/11/20 13:52:32 | 000,419,880 | ---- | M] () -- C:\Windows\System32\locale.nls
[2010/11/10 11:45:49 | 000,010,429 | ---- | M] () -- C:\Windows\System32\ScavengeSpace.xml
[2010/11/05 12:20:53 | 000,146,852 | ---- | M] () -- C:\Windows\System32\systemsf.ebd
[2010/11/05 12:20:45 | 000,105,559 | ---- | M] () -- C:\Windows\System32\RacRules.xml
[2010/05/21 12:11:26 | 000,475,648 | ---- | M] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
[2010/05/21 12:11:20 | 001,061,888 | ---- | M] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
[2010/01/06 12:13:00 | 000,506,368 | ---- | M] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2009/08/13 11:14:17 | 000,472,064 | ---- | M] ( ) -- C:\Users\Richard\Desktop\RootRepeal.exe
[2009/07/14 14:56:51 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2009/07/14 14:54:22 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini
[2009/07/14 14:47:13 | 000,009,216 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2009/07/14 14:42:29 | 000,001,244 | ---- | M] () -- C:\Windows\System32\migwiz.lnk
[2009/07/14 14:42:26 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/07/14 14:41:57 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/07/14 14:37:42 | 000,000,290 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2009/07/14 14:37:42 | 000,000,272 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/14 12:09:40 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
[2009/07/14 12:07:42 | 000,009,728 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\en-US\ltmdmnt.sys.mui
[2009/07/14 12:04:20 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
[2009/07/14 12:03:46 | 000,003,584 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\en-US\pscr.sys.mui
[2009/07/14 12:03:08 | 000,032,256 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\en-US\yk62x86.sys.mui
[2009/07/14 12:02:36 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
[2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\amdsbs.sys
[2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas.sys
[2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys
[2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_fc.sys
[2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas2.sys
[2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/07/14 11:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
[2009/07/14 11:15:00 | 000,073,728 | ---- | M] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 11:15:00 | 000,064,000 | ---- | M] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 11:15:00 | 000,017,408 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\brcoinst.dll
[2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2009/07/14 10:34:40 | 000,291,294 | ---- | M] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:34:38 | 000,031,548 | ---- | M] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2009/07/14 09:06:14 | 000,004,453 | ---- | M] () -- C:\Windows\System32\odbcconf.rsp
[2009/07/14 08:58:08 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin
[2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw85cir.sys
[2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/07/14 08:13:46 | 000,503,296 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\ltmdmnt.sys
[2009/07/14 07:41:05 | 000,000,718 | ---- | M] () -- C:\Windows\System32\mscdexnt.exe
[2009/07/14 07:41:04 | 000,002,842 | ---- | M] () -- C:\Windows\System32\redir.exe
[2009/07/14 07:41:02 | 000,000,882 | ---- | M] () -- C:\Windows\System32\share.exe
[2009/07/14 07:41:02 | 000,000,882 | ---- | M] () -- C:\Windows\System32\fastopen.exe
[2009/07/14 07:41:01 | 000,019,694 | ---- | M] () -- C:\Windows\System32\GRAPHICS.COM
[2009/07/14 07:40:59 | 000,014,710 | ---- | M] () -- C:\Windows\System32\KB16.COM
[2009/07/14 07:40:57 | 000,007,052 | ---- | M] () -- C:\Windows\System32\nlsfunc.exe
[2009/07/14 07:40:57 | 000,001,131 | ---- | M] () -- C:\Windows\System32\LOADFIX.COM
[2009/07/14 07:40:56 | 000,039,274 | ---- | M] () -- C:\Windows\System32\mem.exe
[2009/07/14 07:40:54 | 000,011,753 | ---- | M] () -- C:\Windows\System32\setver.exe
[2009/07/14 07:40:52 | 000,020,634 | ---- | M] () -- C:\Windows\System32\debug.exe
[2009/07/14 07:40:51 | 000,008,424 | ---- | M] () -- C:\Windows\System32\exe2bin.exe
[2009/07/14 07:40:50 | 000,012,642 | ---- | M] () -- C:\Windows\System32\edlin.exe
[2009/07/14 07:40:49 | 000,012,498 | ---- | M] () -- C:\Windows\System32\append.exe
[2009/07/14 07:40:48 | 000,050,648 | ---- | M] () -- C:\Windows\System32\COMMAND.COM
[2009/07/14 07:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/14 07:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/14 07:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/14 07:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 07:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/14 07:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/14 07:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/14 07:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/14 07:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/14 07:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/14 07:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/14 07:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/14 07:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/14 07:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/07/14 07:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/14 07:38:33 | 000,000,610 | ---- | M] () -- C:\Windows\System32\WdsUnattendTemplate.xml
[2009/07/14 06:29:26 | 000,000,714 | ---- | M] () -- C:\Windows\System32\RestartManager.mof
[2009/07/14 06:29:26 | 000,000,176 | ---- | M] () -- C:\Windows\System32\RestartManagerUninstall.mof
[2009/06/11 07:48:27 | 000,009,958 | ---- | M] () -- C:\Windows\System32\l_intl.nls
[2009/06/11 07:48:26 | 000,067,808 | ---- | M] () -- C:\Windows\System32\normnfkc.nls
[2009/06/11 07:48:26 | 000,061,718 | ---- | M] () -- C:\Windows\System32\normnfkd.nls
[2009/06/11 07:48:26 | 000,059,342 | ---- | M] () -- C:\Windows\System32\normidna.nls
[2009/06/11 07:48:26 | 000,047,076 | ---- | M] () -- C:\Windows\System32\normnfc.nls
[2009/06/11 07:48:26 | 000,040,566 | ---- | M] () -- C:\Windows\System32\normnfd.nls
[2009/06/11 07:48:18 | 000,180,770 | ---- | M] () -- C:\Windows\System32\C_20932.NLS
[2009/06/11 07:48:18 | 000,177,698 | ---- | M] () -- C:\Windows\System32\C_20949.NLS
[2009/06/11 07:48:18 | 000,173,602 | ---- | M] () -- C:\Windows\System32\C_20936.NLS
[2009/06/11 07:48:17 | 000,195,618 | ---- | M] () -- C:\Windows\System32\C_10002.NLS
[2009/06/11 07:48:17 | 000,177,698 | ---- | M] () -- C:\Windows\System32\C_10003.NLS
[2009/06/11 07:48:17 | 000,173,602 | ---- | M] () -- C:\Windows\System32\C_10008.NLS
[2009/06/11 07:48:17 | 000,162,850 | ---- | M] () -- C:\Windows\System32\C_10001.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_869.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_866.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_865.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_864.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_863.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_862.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_861.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_860.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_858.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_857.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_855.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_852.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_850.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_775.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_737.NLS
[2009/06/11 07:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_437.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10082.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10081.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10079.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10029.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10021.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10017.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10010.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10007.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10006.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10005.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10004.NLS
[2009/06/11 07:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_10000.NLS
[2009/06/11 07:48:16 | 000,189,986 | ---- | M] () -- C:\Windows\System32\C_1361.NLS
[2009/06/11 07:48:16 | 000,187,938 | ---- | M] () -- C:\Windows\System32\C_20005.NLS
[2009/06/11 07:48:16 | 000,186,402 | ---- | M] () -- C:\Windows\System32\C_20001.NLS
[2009/06/11 07:48:16 | 000,185,378 | ---- | M] () -- C:\Windows\System32\C_20003.NLS
[2009/06/11 07:48:16 | 000,180,258 | ---- | M] () -- C:\Windows\System32\C_20004.NLS
[2009/06/11 07:48:16 | 000,180,258 | ---- | M] () -- C:\Windows\System32\C_20000.NLS
[2009/06/11 07:48:16 | 000,173,602 | ---- | M] () -- C:\Windows\System32\C_20002.NLS
[2009/06/11 07:48:16 | 000,139,810 | ---- | M] () -- C:\Windows\System32\C_20261.NLS
[2009/06/11 07:48:16 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_720.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_708.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28605.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\c_28603.nls
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28599.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28598.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28597.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28596.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28595.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28594.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28593.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28592.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_28591.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_21866.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_21027.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20866.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20269.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20127.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20108.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20107.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20106.NLS
[2009/06/11 07:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20105.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_875.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_870.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_500.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_21025.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20924.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20905.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20880.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20871.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20838.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20833.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20424.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20423.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20420.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20297.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20290.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20285.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20284.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20280.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20278.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20277.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_20273.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1149.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1148.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1147.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1146.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1145.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1144.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1143.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1142.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1141.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1140.NLS
[2009/06/11 07:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1047.NLS
[2009/06/11 07:48:14 | 000,196,642 | ---- | M] () -- C:\Windows\System32\C_950.NLS
[2009/06/11 07:48:14 | 000,196,642 | ---- | M] () -- C:\Windows\System32\C_949.NLS
[2009/06/11 07:48:14 | 000,196,642 | ---- | M] () -- C:\Windows\System32\C_936.NLS
[2009/06/11 07:48:14 | 000,162,850 | ---- | M] () -- C:\Windows\System32\C_932.NLS
[2009/06/11 07:48:14 | 000,066,594 | ---- | M] () -- C:\Windows\System32\C_874.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1258.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1257.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1256.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1255.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1254.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1253.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1252.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1251.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1250.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_1026.NLS
[2009/06/11 07:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\System32\C_037.NLS
[2009/06/11 07:47:11 | 000,047,679 | ---- | M] () -- C:\Windows\System32\diskmgmt.msc
[2009/06/11 07:46:53 | 000,008,280 | ---- | M] () -- C:\Windows\System32\spcinstrumentation.man
[2009/06/11 07:46:28 | 000,000,219 | ---- | M] () -- C:\Windows\system.ini
[2009/06/11 07:46:08 | 000,145,640 | ---- | M] () -- C:\Windows\System32\devmgmt.msc
[2009/06/11 07:44:34 | 003,170,304 | ---- | M] () -- C:\Windows\System32\boot.sdi
[2009/06/11 07:43:22 | 000,000,874 | ---- | M] () -- C:\Windows\System32\manage-bde.wsf
[2009/06/11 07:43:20 | 000,144,862 | ---- | M] () -- C:\Windows\System32\tpm.msc
[2009/06/11 07:42:54 | 000,028,420 | ---- | M] () -- C:\Windows\System32\bios1.rom
[2009/06/11 07:42:54 | 000,018,832 | ---- | M] () -- C:\Windows\System32\v7vga.rom
[2009/06/11 07:42:54 | 000,008,191 | ---- | M] () -- C:\Windows\System32\bios4.rom
[2009/06/11 07:42:49 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif
[2009/06/11 07:42:32 | 000,069,886 | ---- | M] () -- C:\Windows\System32\edit.com
[2009/06/11 07:42:32 | 000,021,232 | ---- | M] () -- C:\Windows\System32\graphics.pro
[2009/06/11 07:42:32 | 000,010,790 | ---- | M] () -- C:\Windows\System32\EDIT.HLP
[2009/06/11 07:42:20 | 000,013,312 | ---- | M] () -- C:\Windows\System32\win87em.dll
[2009/06/11 07:42:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/06/11 07:42:20 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/11 07:42:08 | 000,000,843 | ---- | M] () -- C:\Windows\System32\onlinesetup.cmd
[2009/06/11 07:42:07 | 000,004,041 | ---- | M] () -- C:\Windows\System32\xwizard.dtd
[2009/06/11 07:41:29 | 000,211,938 | ---- | M] () -- C:\Windows\System32\lcphrase.tbl
[2009/06/11 07:41:29 | 000,024,114 | ---- | M] () -- C:\Windows\System32\lcptr.tbl
[2009/06/11 07:40:47 | 000,201,034 | ---- | M] () -- C:\Windows\System32\winrm.vbs
[2009/06/11 07:40:47 | 000,004,675 | ---- | M] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2009/06/11 07:40:47 | 000,002,426 | ---- | M] () -- C:\Windows\System32\WsmTxt.xsl
[2009/06/11 07:40:47 | 000,001,559 | ---- | M] () -- C:\Windows\System32\WsmPty.xsl
[2009/06/11 07:40:47 | 000,000,035 | ---- | M] () -- C:\Windows\System32\winrm.cmd
[2009/06/11 07:39:59 | 000,060,124 | ---- | M] () -- C:\Windows\System32\tcpmon.ini
[2009/06/11 07:39:59 | 000,001,041 | ---- | M] () -- C:\Windows\System32\tcpbidi.xml
[2009/06/11 07:39:54 | 000,003,577 | ---- | M] () -- C:\Windows\System32\sysprtj.sep
[2009/06/11 07:39:54 | 000,003,214 | ---- | M] () -- C:\Windows\System32\sysprint.sep
[2009/06/11 07:39:53 | 000,000,114 | ---- | M] () -- C:\Windows\System32\pcl.sep
[2009/06/11 07:39:53 | 000,000,051 | ---- | M] () -- C:\Windows\System32\pscript.sep
[2009/06/11 07:39:44 | 000,144,673 | ---- | M] () -- C:\Windows\System32\WmiMgmt.msc
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,003,683 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts.sam
[2009/06/11 07:39:37 | 000,001,358 | ---- | M] () -- C:\Windows\System32\drivers\etc\protocol
[2009/06/11 07:39:37 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120131-203220.backup
[2009/06/11 07:39:37 | 000,000,407 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2009/06/11 07:39:18 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2009/06/11 07:38:48 | 000,113,629 | ---- | M] () -- C:\Windows\System32\slmgr.vbs
[2009/06/11 07:38:43 | 000,145,059 | ---- | M] () -- C:\Windows\System32\taskschd.msc
[2009/06/11 07:38:33 | 000,145,127 | ---- | M] () -- C:\Windows\System32\eventvwr.msc
[2009/06/11 07:38:10 | 000,017,935 | ---- | M] () -- C:\Windows\System32\EventViewer_EventDetails.xsl
[2009/06/11 07:36:33 | 000,063,070 | ---- | M] () -- C:\Windows\System32\certmgr.msc
[2009/06/11 07:34:45 | 000,215,943 | ---- | M] () -- C:\Windows\System32\dssec.dat
[2009/06/11 07:34:23 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx
[2009/06/11 07:32:47 | 000,000,741 | ---- | M] () -- C:\Windows\System32\NOISE.DAT
[2009/06/11 07:32:07 | 000,002,060 | ---- | M] () -- C:\Windows\System32\noise.jpn
[2009/06/11 07:31:26 | 000,145,519 | ---- | M] () -- C:\Windows\System32\perfmon.msc
[2009/06/11 07:30:15 | 000,093,702 | ---- | M] () -- C:\Windows\System32\SubRange.uce
[2009/06/11 07:30:14 | 000,060,458 | ---- | M] () -- C:\Windows\System32\ideograf.uce
[2009/06/11 07:30:14 | 000,024,006 | ---- | M] () -- C:\Windows\System32\gb2312.uce
[2009/06/11 07:30:14 | 000,022,984 | ---- | M] () -- C:\Windows\System32\bopomofo.uce
[2009/06/11 07:30:14 | 000,016,740 | ---- | M] () -- C:\Windows\System32\ShiftJIS.uce
[2009/06/11 07:30:14 | 000,012,876 | ---- | M] () -- C:\Windows\System32\korean.uce
[2009/06/11 07:30:14 | 000,008,484 | ---- | M] () -- C:\Windows\System32\kanji_2.uce
[2009/06/11 07:30:14 | 000,006,948 | ---- | M] () -- C:\Windows\System32\kanji_1.uce
[2009/06/11 07:29:34 | 000,000,697 | ---- | M] () -- C:\Windows\System32\NOISE.THA
[2009/06/11 07:29:29 | 011,967,524 | ---- | M] () -- C:\Windows\System32\korwbrkr.lex
[2009/06/11 07:29:29 | 000,001,486 | ---- | M] () -- C:\Windows\System32\noise.kor
[2009/06/11 07:29:28 | 000,001,696 | ---- | M] () -- C:\Windows\System32\NOISE.CHT
[2009/06/11 07:29:17 | 000,001,696 | ---- | M] () -- C:\Windows\System32\NOISE.CHS
[2009/06/11 07:27:46 | 000,115,091 | ---- | M] () -- C:\Windows\System32\WF.msc
[2009/06/11 07:27:38 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009/06/11 07:26:15 | 000,144,998 | ---- | M] () -- C:\Windows\System32\lusrmgr.msc
[2009/06/11 07:26:10 | 000,673,088 | ---- | M] () -- C:\Windows\System32\mlang.dat
[2009/06/11 07:26:01 | 000,127,213 | ---- | M] () -- C:\Windows\System32\ega.cpi
[2009/06/11 07:25:52 | 000,063,411 | ---- | M] () -- C:\Windows\System32\NAPCLCFG.MSC
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () -- C:\Windows\System32\services.msc
[2009/06/11 07:21:07 | 000,144,909 | ---- | M] () -- C:\Windows\System32\fsmgmt.msc
[2009/06/11 07:21:06 | 000,113,256 | ---- | M] () -- C:\Windows\System32\compmgmt.msc
[2009/06/11 07:21:06 | 000,041,587 | ---- | M] () -- C:\Windows\System32\azman.msc
[2009/06/11 07:19:27 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini
[2009/06/11 07:19:05 | 000,040,552 | ---- | M] () -- C:\Windows\System32\gatherNetworkInfo.vbs
[2009/06/11 07:19:05 | 000,021,812 | ---- | M] () -- C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[2009/06/11 07:18:29 | 000,000,565 | ---- | M] () -- C:\Windows\System32\NdfEventView.xml
[2009/06/11 07:17:44 | 000,124,118 | ---- | M] () -- C:\Windows\System32\comexp.msc
[2009/06/11 07:16:56 | 000,002,233 | ---- | M] () -- C:\Windows\System32\12520850.cpx
[2009/06/11 07:16:56 | 000,002,151 | ---- | M] () -- C:\Windows\System32\12520437.cpx
[2009/06/11 07:16:38 | 000,002,727 | ---- | M] () -- C:\Windows\System32\locationnotificationsview.xml
[2009/06/11 07:15:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2009/06/11 07:15:18 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2009/06/11 07:15:06 | 000,076,060 | ---- | M] () -- C:\Windows\System32\xpsrchvw.xml
[2009/06/11 07:14:45 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml
[2009/06/11 07:14:32 | 000,048,265 | ---- | M] () -- C:\Windows\HomePremium.xml
[2009/06/11 07:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\System32\drivers\gm.dls
[2009/04/04 06:35:48 | 036,977,152 | ---- | M] () -- C:\Users\Richard\ppviewersp2-en-us.msp
[2008/10/03 23:30:32 | 000,000,414 | ---- | M] () -- C:\Windows\System32\lame_acm.xml
[2008/09/25 05:41:12 | 000,839,680 | ---- | M] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2006/05/23 16:34:02 | 000,029,077 | ---- | M] () -- C:\Users\Richard\Desktop\[From www.metacafe.com] 66387.266189.1.rtf
[2006/01/31 16:27:18 | 000,126,464 | ---- | M] (www.madshi.net) -- C:\Windows\System32\madCHook.dll
[2003/07/16 21:13:43 | 000,385,024 | ---- | M] () -- C:\Windows\System32\xvid.ax
[2003/07/16 21:09:31 | 000,626,688 | ---- | M] () -- C:\Windows\System32\xvid.dll
[1995/12/13 03:27:30 | 000,002,831 | ---- | M] () -- C:\Windows\wavemix.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 14:51:32 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\MyDefrag.lnk
[2012/05/24 16:39:34 | 000,035,328 | ---- | C] () -- C:\Users\Richard\Desktop\RJS RESUME NEW May word
[2012/05/23 14:53:25 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2012/05/23 14:53:25 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012/05/21 21:35:20 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/05/21 21:26:55 | 000,444,935 | ---- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120521-212655.backup
[2012/05/21 16:55:20 | 003,306,357 | -H-- | C] () -- C:\Users\Richard\AppData\Local\IconCache.db
[2012/05/21 10:45:27 | 000,147,456 | ---- | C] () -- C:\Users\Richard\Desktop\catchme.exe
[2012/05/21 10:30:28 | 000,089,088 | ---- | C] () -- C:\Users\Richard\Desktop\mbr.exe
[2012/05/19 17:24:48 | 000,000,691 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2012/05/19 17:24:48 | 000,000,035 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2012/05/19 16:01:56 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2012/05/19 15:23:36 | 000,472,064 | ---- | C] ( ) -- C:\Users\Richard\Desktop\RootRepeal.exe
[2012/05/19 14:51:13 | 000,000,512 | ---- | C] () -- C:\Users\Richard\Documents\MBR.dat
[2012/05/18 17:41:53 | 007,340,032 | ---- | C] () -- C:\Users\Richard\NTUSER.DAT
[2012/05/17 20:56:55 | 002,107,843 | ---- | C] () -- C:\Users\Richard\Desktop\tdsskiller(1).zip
[2012/05/17 16:41:02 | 000,236,346 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0894.JPG
[2012/05/17 16:40:50 | 000,212,738 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0896.JPG
[2012/05/17 16:40:42 | 000,233,523 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0897.JPG
[2012/05/11 19:01:59 | 000,263,794 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0892.JPG
[2012/05/11 19:01:59 | 000,232,902 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0891.JPG
[2012/05/11 19:01:59 | 000,231,349 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0893.JPG
[2012/04/29 13:13:50 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/04/29 13:13:50 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/04/26 18:11:33 | 001,008,141 | ---- | C] () -- C:\Users\Richard\Desktop\rkill(1).exe
[2012/04/26 17:59:26 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/25 18:06:13 | 000,002,863 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/04/22 15:47:58 | 000,444,891 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120422-154758.backup
[2012/04/21 18:34:33 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/04/21 18:34:33 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/04/21 18:34:33 | 000,001,254 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/04/06 18:12:48 | 000,001,932 | ---- | C] () -- C:\Users\Richard\Desktop\MP3 Rocket 6.1.2.lnk
[2012/04/06 18:12:48 | 000,001,084 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.1.2.lnk
[2012/04/06 13:54:38 | 000,444,263 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120406-135438.backup
[2012/03/30 16:02:01 | 000,000,115 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/27 19:25:19 | 000,107,862 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0363 (Small).JPG
[2012/03/24 19:33:59 | 000,130,367 | ---- | C] () -- C:\Users\Richard\Desktop\bike (Small).JPG
[2012/03/14 17:18:10 | 000,027,882 | ---- | C] () -- C:\Users\Richard\Desktop\RJS RESUME 2012 before hunter
[2012/03/07 13:16:00 | 000,000,498 | ---- | C] () -- C:\Users\Richard\Desktop\tpg - Shortcut.lnk
[2012/02/28 16:08:27 | 000,001,965 | ---- | C] () -- C:\Users\Richard\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/24 12:04:46 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/02/24 12:04:46 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/24 12:04:46 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012/02/24 12:04:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/22 19:59:41 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/21 19:13:58 | 000,001,005 | ---- | C] () -- C:\Users\Richard\Desktop\KillProcess.lnk
[2012/02/21 16:04:01 | 000,071,950 | ---- | C] () -- C:\Users\Richard\Documents\gmer log 21.2.12
[2012/02/21 12:20:29 | 000,007,658 | ---- | C] () -- C:\Users\Richard\AppData\Local\resmon.resmoncfg
[2012/02/21 10:53:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\msssc.dll
[2012/02/18 08:40:26 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/17 16:03:08 | 001,143,711 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0363.JPG
[2012/02/17 16:01:23 | 000,197,748 | ---- | C] () -- C:\Users\Richard\Desktop\IMG_0865.JPG
[2012/02/17 15:58:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/15 09:40:01 | 000,302,592 | ---- | C] () -- C:\Users\Richard\Desktop\27sokv9v.exe
[2012/02/14 14:28:49 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/02/14 14:28:44 | 000,419,880 | ---- | C] () -- C:\Windows\System32\locale.nls
[2012/02/14 14:27:31 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2012/02/14 14:27:28 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012/02/14 14:27:15 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012/02/13 21:42:30 | 000,001,041 | ---- | C] () -- C:\Users\Richard\Desktop\SpywareBlaster.lnk
[2012/02/13 21:40:26 | 000,000,938 | ---- | C] () -- C:\Users\Richard\Desktop\Ken Ward's Zipper.lnk
[2012/02/13 14:54:25 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 21:28:06 | 000,005,632 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 20:16:43 | 000,000,708 | ---- | C] () -- C:\Windows\SSPRO.INI
[2012/02/07 19:32:57 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2012/02/07 13:26:23 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 13:26:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 19:53:58 | 000,249,971 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120206-205358.backup
[2012/02/01 15:51:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/01 15:50:11 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Foxreal YouTube FLV Downloader.lnk
[2012/02/01 15:50:04 | 000,001,751 | ---- | C] () -- C:\Users\Richard\Desktop\XnView.lnk
[2012/02/01 15:47:01 | 000,001,208 | ---- | C] () -- C:\Users\Richard\Desktop\Auslogics Disk Defrag.lnk
[2012/02/01 15:46:40 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABCPix.LNK
[2012/02/01 15:02:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/01/31 19:32:20 | 000,000,824 | ---- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120131-203220.backup
[2012/01/31 19:30:09 | 000,001,250 | ---- | C] () -- C:\Users\Richard\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 15:40:08 | 000,000,852 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/01/30 11:32:03 | 000,001,008 | ---- | C] () -- C:\Users\Richard\Desktop\Flash Movie Player.lnk
[2012/01/29 12:51:54 | 000,001,931 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Screenshot Studio.lnk
[2012/01/29 11:40:53 | 000,003,009 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cropper.lnk
[2012/01/29 11:14:19 | 000,001,907 | ---- | C] () -- C:\Users\Richard\Desktop\Screenshot Studio.lnk
[2012/01/27 16:58:52 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/01/27 16:58:52 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/01/25 11:46:09 | 036,977,152 | ---- | C] () -- C:\Users\Richard\ppviewersp2-en-us.msp
[2012/01/25 11:44:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/25 11:43:26 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012/01/25 11:43:26 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2012/01/25 11:39:41 | 000,000,893 | ---- | C] () -- C:\Users\Richard\Desktop\GetFLV.lnk
[2012/01/25 11:37:58 | 000,029,077 | ---- | C] () -- C:\Users\Richard\Desktop\[From www.metacafe.com] 66387.266189.1.rtf
[2012/01/22 10:22:57 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/22 10:22:57 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/01/22 10:22:16 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Shareaza.lnk
[2012/01/22 10:17:22 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/21 22:02:36 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/21 22:02:36 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/21 19:54:59 | 000,001,429 | ---- | C] () -- C:\Users\Richard\Desktop\thunderbird - Shortcut.lnk
[2012/01/21 10:40:00 | 000,057,560 | ---- | C] () -- C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/01/21 10:40:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/21 10:37:09 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/01/21 10:37:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/01/21 10:36:53 | 000,004,978 | ---- | C] () -- C:\Windows\EasyDrv5_20120121_113647.ed5log
[2012/01/21 10:32:10 | 000,001,568 | ---- | C] () -- C:\Users\Richard\Desktop\Data Backup.lnk
[2012/01/21 10:32:09 | 000,729,688 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/01/21 10:30:56 | 000,001,411 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/21 10:30:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/21 10:23:45 | 000,001,417 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/21 10:23:23 | 000,000,020 | -HS- | C] () -- C:\Users\Richard\ntuser.ini
[2012/01/21 10:23:21 | 000,524,288 | -HS- | C] () -- C:\Users\Richard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012/01/21 10:23:21 | 000,524,288 | -HS- | C] () -- C:\Users\Richard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012/01/21 10:23:21 | 000,065,536 | -HS- | C] () -- C:\Users\Richard\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012/01/21 10:23:21 | 000,000,290 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/21 10:23:21 | 000,000,272 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/21 10:20:19 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/21 10:20:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/13 12:44:28 | 004,025,034 | ---- | C] () -- C:\Users\Richard\Desktop\SuperGameHouseBlackjack.exe
[2011/12/14 11:30:46 | 000,238,953 | ---- | C] () -- C:\Users\Richard\Desktop\bike.JPG
[2011/09/16 09:26:26 | 2566,365,184 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 17:51:27 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\tasks\SA.DAT
[2009/07/14 14:48:09 | 000,048,201 | ---- | C] () -- C:\Windows\Starter.xml
[2009/07/14 14:46:52 | 000,039,252 | ---- | C] () -- C:\Windows\System32\license.rtf
[2009/07/14 14:42:29 | 000,001,244 | ---- | C] () -- C:\Windows\System32\migwiz.lnk
[2009/07/14 14:42:26 | 000,000,535 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2009/07/14 14:41:57 | 000,000,749 | RH-- | C] () -- C:\Windows\WindowsShell.Manifest
[2009/07/14 14:34:15 | 000,015,008 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/14 14:34:15 | 000,015,008 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/14 14:34:00 | 000,021,504 | ---- | C] () -- C:\Windows\System32\umstartup.etl
[2009/07/14 14:34:00 | 000,009,216 | ---- | C] () -- C:\Windows\System32\umstartup000.etl
[2009/07/14 14:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,630,124 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,111,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/14 12:05:05 | 000,001,696 | ---- | C] () -- C:\Windows\System32\NOISE.CHT
[2009/07/14 12:05:05 | 000,001,696 | ---- | C] () -- C:\Windows\System32\NOISE.CHS
[2009/07/14 12:05:05 | 000,001,486 | ---- | C] () -- C:\Windows\System32\noise.kor
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:05:05 | 000,000,697 | ---- | C] () -- C:\Windows\System32\NOISE.THA
[2009/07/14 12:05:03 | 000,003,683 | ---- | C] () -- C:\Windows\System32\drivers\etc\lmhosts.sam
[2009/07/14 12:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/14 12:04:23 | 000,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009/07/14 12:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/14 12:04:17 | 000,445,061 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120527-190233.backup
[2009/07/14 12:04:17 | 000,445,061 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120526-204022.backup
[2009/07/14 12:04:17 | 000,445,061 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/14 12:04:17 | 000,444,989 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120517-162325.backup
[2009/07/14 12:04:17 | 000,444,891 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120426-193433.backup
[2009/07/14 12:04:17 | 000,444,808 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120422-150049.backup
[2009/07/14 12:04:17 | 000,444,808 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120421-171419.backup
[2009/07/14 12:04:17 | 000,444,263 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120417-201047.backup
[2009/07/14 12:04:17 | 000,443,639 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120406-135430.backup
[2009/07/14 12:04:17 | 000,443,614 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120324-154703.backup
[2009/07/14 12:04:17 | 000,443,554 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120313-164410.backup
[2009/07/14 12:04:17 | 000,443,548 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120402-192210.backup
[2009/07/14 12:04:17 | 000,443,485 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120225-121325.backup
[2009/07/14 12:04:17 | 000,443,485 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120219-000546.backup
[2009/07/14 12:04:17 | 000,443,325 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120213-232313.backup
[2009/07/14 12:04:17 | 000,249,971 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120208-194924.backup
[2009/07/14 12:04:17 | 000,249,971 | R--- | C] () -- C:\Windows\System32\drivers\etc\hosts.20120206-203941.backup
[2009/07/14 12:04:17 | 000,017,463 | ---- | C] () -- C:\Windows\System32\drivers\etc\services
[2009/07/14 12:04:17 | 000,001,358 | ---- | C] () -- C:\Windows\System32\drivers\etc\protocol
[2009/07/14 12:04:17 | 000,000,407 | ---- | C] () -- C:\Windows\System32\drivers\etc\networks
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 12:04:04 | 000,002,577 | ---- | C] () -- C:\Windows\System32\config.nt
[2009/07/14 12:04:04 | 000,001,688 | ---- | C] () -- C:\Windows\System32\autoexec.nt
[2009/07/14 12:04:04 | 000,000,024 | ---- | C] () -- C:\autoexec.bat
[2009/07/14 12:04:04 | 000,000,010 | ---- | C] () -- C:\config.sys
[2009/07/14 12:03:57 | 000,008,798 | ---- | C] () -- C:\Windows\System32\icrav03.rat
[2009/07/14 12:03:57 | 000,001,988 | ---- | C] () -- C:\Windows\System32\ticrf.rat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 09:41:24 | 000,093,702 | ---- | C] () -- C:\Windows\System32\SubRange.uce
[2009/07/14 09:41:24 | 000,060,458 | ---- | C] () -- C:\Windows\System32\ideograf.uce
[2009/07/14 09:41:24 | 000,024,006 | ---- | C] () -- C:\Windows\System32\gb2312.uce
[2009/07/14 09:41:24 | 000,016,740 | ---- | C] () -- C:\Windows\System32\ShiftJIS.uce
[2009/07/14 09:41:24 | 000,012,876 | ---- | C] () -- C:\Windows\System32\korean.uce
[2009/07/14 09:41:24 | 000,008,484 | ---- | C] () -- C:\Windows\System32\kanji_2.uce
[2009/07/14 09:41:24 | 000,006,948 | ---- | C] () -- C:\Windows\System32\kanji_1.uce
[2009/07/14 09:11:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009/07/14 09:08:01 | 000,003,577 | ---- | C] () -- C:\Windows\System32\sysprtj.sep
[2009/07/14 09:08:01 | 000,000,114 | ---- | C] () -- C:\Windows\System32\pcl.sep
[2009/07/14 09:08:01 | 000,000,051 | ---- | C] () -- C:\Windows\System32\pscript.sep
[2009/07/14 09:06:14 | 000,004,453 | ---- | C] () -- C:\Windows\System32\odbcconf.rsp
[2009/07/14 08:41:10 | 000,002,233 | ---- | C] () -- C:\Windows\System32\12520850.cpx
[2009/07/14 08:12:16 | 000,063,411 | ---- | C] () -- C:\Windows\System32\NAPCLCFG.MSC
[2009/07/14 08:11:17 | 000,115,091 | ---- | C] () -- C:\Windows\System32\WF.msc
[2009/07/14 08:10:48 | 000,021,812 | ---- | C] () -- C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[2009/07/14 08:06:29 | 000,201,034 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/07/14 08:06:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2009/07/14 08:06:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2009/07/14 08:06:29 | 000,001,559 | ---- | C] () -- C:\Windows\System32\WsmPty.xsl
[2009/07/14 08:01:40 | 000,124,118 | ---- | C] () -- C:\Windows\System32\comexp.msc
[2009/07/14 07:55:47 | 000,144,998 | ---- | C] () -- C:\Windows\System32\lusrmgr.msc
[2009/07/14 07:47:53 | 000,063,070 | ---- | C] () -- C:\Windows\System32\certmgr.msc
[2009/07/14 07:46:10 | 000,145,127 | ---- | C] () -- C:\Windows\System32\eventvwr.msc
[2009/07/14 07:46:10 | 000,017,935 | ---- | C] () -- C:\Windows\System32\EventViewer_EventDetails.xsl
[2009/07/14 07:46:09 | 000,145,059 | ---- | C] () -- C:\Windows\System32\taskschd.msc
[2009/07/14 07:46:01 | 000,144,673 | ---- | C] () -- C:\Windows\System32\WmiMgmt.msc
[2009/07/14 07:44:22 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2009/07/14 07:44:22 | 000,113,256 | ---- | C] () -- C:\Windows\System32\compmgmt.msc
[2009/07/14 07:44:22 | 000,092,745 | ---- | C] () -- C:\Windows\System32\services.msc
[2009/07/14 07:44:22 | 000,041,587 | ---- | C] () -- C:\Windows\System32\azman.msc
[2009/07/14 07:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009/07/14 07:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009/07/14 07:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009/07/14 07:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009/07/14 07:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009/07/14 07:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009/07/14 07:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009/07/14 07:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009/07/14 07:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009/07/14 07:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009/07/14 07:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009/07/14 07:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009/07/14 07:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009/07/14 07:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009/07/14 07:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009/07/14 07:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009/07/14 07:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009/07/14 07:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/14 07:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 07:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/14 07:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/14 07:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/14 07:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/14 07:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/14 07:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/14 07:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/14 07:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/14 07:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/14 07:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009/07/14 07:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009/07/14 07:38:38 | 000,024,114 | ---- | C] () -- C:\Windows\System32\lcptr.tbl
[2009/07/14 07:38:33 | 000,000,610 | ---- | C] () -- C:\Windows\System32\WdsUnattendTemplate.xml
[2009/07/14 07:34:35 | 000,047,679 | ---- | C] () -- C:\Windows\System32\diskmgmt.msc
[2009/07/14 07:33:45 | 000,000,714 | ---- | C] () -- C:\Windows\System32\RestartManager.mof
[2009/07/14 07:33:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\RestartManagerUninstall.mof
[2009/07/14 07:30:30 | 000,000,707 | ---- | C] () -- C:\Windows\_default.pif
[2009/07/14 07:30:26 | 000,018,832 | ---- | C] () -- C:\Windows\System32\v7vga.rom
[2009/07/14 07:30:26 | 000,008,191 | ---- | C] () -- C:\Windows\System32\bios4.rom
[2009/07/14 07:28:41 | 000,145,519 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/07/14 07:23:44 | 000,145,640 | ---- | C] () -- C:\Windows\System32\devmgmt.msc
[2009/07/14 07:23:03 | 000,067,808 | ---- | C] () -- C:\Windows\System32\normnfkc.nls
[2009/07/14 07:23:03 | 000,061,718 | ---- | C] () -- C:\Windows\System32\normnfkd.nls
[2009/07/14 07:23:03 | 000,047,076 | ---- | C] () -- C:\Windows\System32\normnfc.nls
[2009/07/14 07:23:03 | 000,040,566 | ---- | C] () -- C:\Windows\System32\normnfd.nls
[2009/07/14 07:20:44 | 000,144,862 | ---- | C] () -- C:\Windows\System32\tpm.msc
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/07/14 06:31:17 | 000,127,213 | ---- | C] () -- C:\Windows\System32\ega.cpi
[2009/07/14 06:30:24 | 000,000,843 | ---- | C] () -- C:\Windows\System32\onlinesetup.cmd
[2009/07/14 06:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009/07/14 06:22:42 | 000,195,618 | ---- | C] () -- C:\Windows\System32\C_10002.NLS
[2009/07/14 06:22:42 | 000,189,986 | ---- | C] () -- C:\Windows\System32\C_1361.NLS
[2009/07/14 06:22:42 | 000,187,938 | ---- | C] () -- C:\Windows\System32\C_20005.NLS
[2009/07/14 06:22:42 | 000,186,402 | ---- | C] () -- C:\Windows\System32\C_20001.NLS
[2009/07/14 06:22:42 | 000,185,378 | ---- | C] () -- C:\Windows\System32\C_20003.NLS
[2009/07/14 06:22:42 | 000,180,258 | ---- | C] () -- C:\Windows\System32\C_20004.NLS
[2009/07/14 06:22:42 | 000,180,258 | ---- | C] () -- C:\Windows\System32\C_20000.NLS
[2009/07/14 06:22:42 | 000,177,698 | ---- | C] () -- C:\Windows\System32\C_10003.NLS
[2009/07/14 06:22:42 | 000,173,602 | ---- | C] () -- C:\Windows\System32\C_20002.NLS
[2009/07/14 06:22:42 | 000,173,602 | ---- | C] () -- C:\Windows\System32\C_10008.NLS
[2009/07/14 06:22:42 | 000,162,850 | ---- | C] () -- C:\Windows\System32\C_10001.NLS
[2009/07/14 06:22:42 | 000,139,810 | ---- | C] () -- C:\Windows\System32\C_20261.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_869.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_866.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_865.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_864.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_863.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_862.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_861.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_860.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_858.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_857.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_855.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_852.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_850.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_775.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_737.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_720.NLS
[2009/07/14 06:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_437.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_875.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_870.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_708.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_500.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28605.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\c_28603.nls
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28599.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28598.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28597.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28596.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28595.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28594.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28593.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28592.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_28591.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_21866.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_21027.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_21025.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20924.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20905.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20880.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20871.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20866.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20838.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20833.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20424.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20423.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20420.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20297.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20290.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20269.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20127.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20108.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20107.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20106.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20105.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10082.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10081.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10079.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10029.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10021.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10017.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10010.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10007.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10006.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10005.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10004.NLS
[2009/07/14 06:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_10000.NLS
[2009/07/14 06:22:41 | 000,196,642 | ---- | C] () -- C:\Windows\System32\C_950.NLS
[2009/07/14 06:22:41 | 000,196,642 | ---- | C] () -- C:\Windows\System32\C_949.NLS
[2009/07/14 06:22:41 | 000,196,642 | ---- | C] () -- C:\Windows\System32\C_936.NLS
[2009/07/14 06:22:41 | 000,180,770 | ---- | C] () -- C:\Windows\System32\C_20932.NLS
[2009/07/14 06:22:41 | 000,177,698 | ---- | C] () -- C:\Windows\System32\C_20949.NLS
[2009/07/14 06:22:41 | 000,173,602 | ---- | C] () -- C:\Windows\System32\C_20936.NLS
[2009/07/14 06:22:41 | 000,162,850 | ---- | C] () -- C:\Windows\System32\C_932.NLS
[2009/07/14 06:22:41 | 000,066,594 | ---- | C] () -- C:\Windows\System32\C_874.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20285.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20284.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20280.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20278.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20277.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_20273.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1258.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1257.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1256.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1255.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1254.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1253.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1252.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1251.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1149.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1148.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1147.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1146.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1145.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1144.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1143.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1142.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1141.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1140.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1047.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1026.NLS
[2009/07/14 06:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_037.NLS
[2009/07/14 06:22:04 | 000,000,874 | ---- | C] () -- C:\Windows\System32\manage-bde.wsf
[2009/06/11 07:48:27 | 000,009,958 | ---- | C] () -- C:\Windows\System32\l_intl.nls
[2009/06/11 07:48:26 | 000,059,342 | ---- | C] () -- C:\Windows\System32\normidna.nls
[2009/06/11 07:48:14 | 000,066,082 | ---- | C] () -- C:\Windows\System32\C_1250.NLS
[2009/06/11 07:46:53 | 000,008,280 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/06/11 07:44:34 | 003,170,304 | ---- | C] () -- C:\Windows\System32\boot.sdi
[2009/06/11 07:42:54 | 000,028,420 | ---- | C] () -- C:\Windows\System32\bios1.rom
[2009/06/11 07:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009/06/11 07:42:32 | 000,021,232 | ---- | C] () -- C:\Windows\System32\graphics.pro
[2009/06/11 07:42:32 | 000,010,790 | ---- | C] () -- C:\Windows\System32\EDIT.HLP
[2009/06/11 07:42:07 | 000,004,041 | ---- | C] () -- C:\Windows\System32\xwizard.dtd
[2009/06/11 07:41:29 | 000,211,938 | ---- | C] () -- C:\Windows\System32\lcphrase.tbl
[2009/06/11 07:40:47 | 000,000,035 | ---- | C] () -- C:\Windows\System32\winrm.cmd
[2009/06/11 07:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009/06/11 07:39:59 | 000,001,041 | ---- | C] () -- C:\Windows\System32\tcpbidi.xml
[2009/06/11 07:39:54 | 000,003,214 | ---- | C] () -- C:\Windows\System32\sysprint.sep
[2009/06/11 07:39:18 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2009/06/11 07:38:48 | 000,113,629 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/06/11 07:34:23 | 000,316,640 | ---- | C] () -- C:\Windows\WMSysPr9.prx
[2009/06/11 07:32:07 | 000,002,060 | ---- | C] () -- C:\Windows\System32\noise.jpn
[2009/06/11 07:30:14 | 000,022,984 | ---- | C] () -- C:\Windows\System32\bopomofo.uce
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/11 07:19:05 | 000,040,552 | ---- | C] () -- C:\Windows\System32\gatherNetworkInfo.vbs
[2009/06/11 07:18:29 | 000,000,565 | ---- | C] () -- C:\Windows\System32\NdfEventView.xml
[2009/06/11 07:16:56 | 000,002,151 | ---- | C] () -- C:\Windows\System32\12520437.cpx
[2009/06/11 07:16:38 | 000,002,727 | ---- | C] () -- C:\Windows\System32\locationnotificationsview.xml
[2009/06/11 07:15:06 | 000,076,060 | ---- | C] () -- C:\Windows\System32\xpsrchvw.xml
[2009/06/11 07:14:28 | 003,440,660 | ---- | C] () -- C:\Windows\System32\drivers\gm.dls
[2003/07/16 21:13:43 | 000,385,024 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2003/07/16 21:09:31 | 000,626,688 | ---- | C] () -- C:\Windows\System32\xvid.dll
[1998/08/30 02:26:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini

========== LOP Check ==========

[2012/01/21 14:45:19 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Auslogics
[2012/05/19 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Camtech
[2012/05/17 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Identum
[2012/04/29 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\IObit
[2012/02/21 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\KillProcess
[2012/04/06 18:14:26 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\MP3Rocket
[2012/01/22 15:30:13 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Orbit
[2012/05/19 16:02:00 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Philipp Winterberg
[2012/01/21 20:27:58 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ProgSense
[2012/01/22 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Shareaza
[2012/02/07 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\SumatraPDF
[2012/01/21 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Thunderbird
[2012/05/21 15:48:02 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\XnView
[2012/03/24 10:51:40 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Music:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents\Scanned Documents:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents\My DAP Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents\Freecorder:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents\Fax:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents\Anti-Malware:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents\AIDA64 Reports:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Documents:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Richard\Desktop\Incomplete:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\sharing:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\not sharing:Shareaza.GUID
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:84098FD3
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#6 richoss

Posted 29 May 2012 - 04:43 AM

extras


OTL Extras logfile created on: 29/05/2012 19:22:36 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Richard\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.19 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 66.70% Memory free
6.37 Gb Paging File | 5.17 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 203.62 Gb Free Space | 68.33% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DCCE5CC-1BEA-4144-9BEE-8847CE9921AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A64AF07-EE44-494D-821C-015D9348DE27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1AF2FDB2-ED25-4D70-9742-F362643C8F4F}" = lport=445 | protocol=6 | dir=in | app=system |
"{2372D574-E535-47E9-AEFA-3C3FEE565570}" = rport=137 | protocol=17 | dir=out | app=system |
"{323D58C6-514F-45C0-A10D-0980FDB863E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{53364B6B-2697-4E1F-8563-AC10C18CE98D}" = rport=445 | protocol=6 | dir=out | app=system |
"{553C0953-F4A5-4AAB-B063-CA76D899F590}" = lport=137 | protocol=17 | dir=in | app=system |
"{7787A245-0372-48FD-9150-B43D3F159320}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D365DE3-77A5-47BE-B491-4DD467C9D61C}" = lport=138 | protocol=17 | dir=in | app=system |
"{9A3DC221-EA5C-4331-8696-48E48512C72E}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD715B9D-FF5F-4759-9D3F-E9D30ED1B832}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9AEAD50-5DB4-4CF0-AFEE-5CC712EA5C0C}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01616501-9E8E-45A2-9636-CAF489D0A705}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{6D2AB736-587A-4584-86F6-83C388F0AC07}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{6D9CC9B2-23CE-446B-A4E2-86284D6052B4}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{84E7B461-21E4-44C0-A793-08E9E3DE067F}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{9A480ECE-94A9-42F1-86F1-AAB26A5E02AF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3B75DF5-2531-42D4-9119-4D67AD6F48A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C6B9EDAC-41A6-449A-A110-2B78125998F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CDF15B66-0102-4ECE-B672-F1201E92EEDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E2D8D621-C143-4436-A3C9-B76314B26814}" = protocol=6 | dir=in | app=c:\users\richard\downloads\solutoinstaller-nx98jemt53.exe |
"{F9D070F9-372B-4D7B-B246-CA9BBA3E9636}" = protocol=17 | dir=in | app=c:\users\richard\downloads\solutoinstaller-nx98jemt53.exe |
"TCP Query User{07917B37-8021-44DE-9D14-76180791F69F}C:\data backup\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\data backup\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{4533D935-973F-42F5-A577-DA799E3B108B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D4E77431-A52D-4043-9AA7-5A113BD77D69}C:\data backup\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\data backup\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{0ACA3A8F-2553-4BBA-903F-3652D2FAF474}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6ADB0D02-77DC-4AD8-AA23-E611FB33D785}C:\data backup\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\data backup\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{DB0D7462-D60D-4F36-B3F5-465EAF79AA13}C:\data backup\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\data backup\program files\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}" = Image Resizer for Windows
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1" = Foxreal YouTube FLV Downloader version: 1.0.1.1
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{26F29691-9764-4FC4-A5BF-A515DE8C23E6}" = Cropper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8F61FB-37D9-4796-B3D5-A04991ABB20A}" = Image Resizer for Windows
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97F2985C-B74A-4672-960E-E3769AE5657A}}_is1" = Firefox ActiveX Plugin r39
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Anti-Twin 2012-05-23 14.53.25" = Anti-Twin (Installation 23/05/2012)
"AVIcodec" = AVIcodec (remove only)
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ESET Online Scanner" = ESET Online Scanner v3
"Flash Movie Player" = Flash Movie Player 1.5
"Free RAR Extract Frog" = Free RAR Extract Frog
"Freecorder5.11" = Freecorder 5
"Game Booster_is1" = Game Booster
"GetFLV Pro_is1" = GetFLV Pro 9.0.1.8
"Ken Ward's Zipper_is1" = Ken Ward's Zipper 1.4000
"KillProcess" = KillProcess 2.44
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP3 Rocket" = MP3 Rocket
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Screenshot Studio" = Screenshot Studio
"Shareaza_is1" = Shareaza 2.5.5.0
"SinkSub Pro" = SinkSub Pro
"SpyMe Tools_is1" = SpyMe Tools 1.5
"SpywareBlaster_is1" = SpywareBlaster 4.6
"ST6UNST #1" = ABCPix
"SumatraPDF" = SumatraPDF
"XnView_is1" = XnView 1.97.6
"XviD" = XviD MPEG-4 Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/05/2012 05:21:02 | Computer Name = Richard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pbjack.exe, version: 1.6.0.0, time stamp:
0x45624f38 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00052c39 Faulting process id:
0x9e8 Faulting application start time: 0x01cd3b20de4a532a Faulting application path:
C:\Users\Richard\Desktop\old bleep\Paul's Blackjack\pbjack.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 1c8e4457-a714-11e1-88cf-0025225da2db

Error - 26/05/2012 06:58:17 | Computer Name = Richard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RootRepeal.exe, version: 1.3.5.0, time
stamp: 0x4a842d4f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x9b12eb69 Faulting process id: 0xeec Faulting application
start time: 0x01cd3b2e72aace3f Faulting application path: C:\Users\Richard\Desktop\RootRepeal.exe
Faulting
module path: unknown Report Id: b2636d00-a721-11e1-88cf-0025225da2db

Error - 26/05/2012 22:46:28 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/05/2012 22:46:28 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/05/2012 22:46:32 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/05/2012 22:47:27 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/05/2012 22:54:19 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/05/2012 23:04:50 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/05/2012 00:21:44 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 27/05/2012 06:21:13 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 27/05/2012 06:51:07 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 27/05/2012 06:51:10 | Computer Name = Richard-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/05/2012 04:52:39 | Computer Name = Richard-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/05/2012 04:52:40 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 29/05/2012 04:52:44 | Computer Name = Richard-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/05/2012 04:56:46 | Computer Name = Richard-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/05/2012 04:56:52 | Computer Name = Richard-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:55:40 PM on ?29/?05/?2012 was unexpected.

Error - 29/05/2012 04:56:47 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 29/05/2012 04:56:50 | Computer Name = Richard-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/05/2012 04:57:48 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

thanks

#7 m0le

Posted 29 May 2012 - 05:59 PM

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Richard\AppData\Local\Temp\LJKXRGFG.exe -- (LJKXRGFG)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Richard\AppData\Local\Temp\IRKLCFILCPKHOY.exe -- (IRKLCFILCPKHOY)
    SRV - File not found [Disabled | Stopped] -- C:\Users\Richard\AppData\Local\Temp\HDUX.exe -- (HDUX)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Richard\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:84098FD3
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


Next please run ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#8 richoss

Posted 29 May 2012 - 07:42 PM

hey mole
log for otl run/fix

not too sure I will be able to run an online scan as I'm only on dial up and my session only lasts for 4 hours including downloading it but will try

========== OTL ==========
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Service LJKXRGFG stopped successfully!
Service LJKXRGFG deleted successfully!
File C:\Users\Richard\AppData\Local\Temp\LJKXRGFG.exe not found.
Service IRKLCFILCPKHOY stopped successfully!
Service IRKLCFILCPKHOY deleted successfully!
File C:\Users\Richard\AppData\Local\Temp\IRKLCFILCPKHOY.exe not found.
Service HDUX stopped successfully!
Service HDUX deleted successfully!
File C:\Users\Richard\AppData\Local\Temp\HDUX.exe not found.
Service MFE_RR stopped successfully!
Service MFE_RR deleted successfully!
File C:\Users\Richard\AppData\Local\Temp\mfe_rr.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:84098FD3 deleted successfully.
ADS C:\ProgramData\TEMP:553CA6CA deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.

OTL by OldTimer - Version 3.2.44.0 log created on 05302012_103650

thanks man

doing the online scan soon

#9 richoss

Posted 29 May 2012 - 11:43 PM

tried the first time downloading it and couldn't download the antivirus database for long enough
round 2 underway now

the first log results

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetesets_scanner_update returned -1 esets_gle=45315
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
Can not open internet

#10 richoss

Posted 30 May 2012 - 01:00 AM

tried again on the online scanning but got an error, I'm pretty sure error 2002, not reported in log file

#11 m0le

Posted 30 May 2012 - 05:22 PM

We avoid online scanners then.

Can you run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#12 richoss

Posted 30 May 2012 - 07:32 PM

Hey Mole
I already have mbam
downloading a new copy now

also I have a genuine Windows 7 Premium, not sure why it's been coming up as Vista?
I did have XP Pro on my data backup, not sure if that's why it's causing this problem?

downloading mbam now

computer is slow and having some problems starting up even in safe mode
error is 104288&clcid=0x0409 I looked this up on microsoft website and it couldn't be found too many options

http://www.microsoft.com/fwlink/?linkid=104288&clcid=0x0409


also sorry forgot to tell you recently got some trojans from superantispyware results after updating definitions, some I have left there for some time thinking it was a false result because mse and mbam didn't show them as anything to worry about. they are in quarantine atm

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2012 at 01:29 PM

Application Version : 5.0.1146

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 00:55:26

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 33546
Registry threats detected : 0
File items scanned : 85741
File threats detected : 6

Trojan.Agent/Gen-Crypt
C:\PROGRAM FILES\MOZILLA FIREFOX\SMITFRAUDFIX\RESTART.EXE

Trojan.Agent/Gen-Somoto
C:\USERS\RICHARD\DESKTOP\OLD bleep\INSTALL-EUCHRE-FREE.EXE
C:\USERS\RICHARD\DESKTOP\OLD bleep\MY DAP DOWNLOADS\FREEYOUTUBEDOWNLOADERINSTALLER.EXE
C:\USERS\RICHARD\DESKTOP\OLD bleep\MY DAP DOWNLOADS\INSTALL-CHESS-FREE.EXE

Trojan.Agent/Gen-Mown
C:\USERS\RICHARD\DESKTOP\OLD bleep\SINKSUB PRO\SINKSUBPRO.EXE

Trojan.Agent/Gen-Autorun[Swisyn]
C:\USERS\RICHARD\DOWNLOADS\SPYME TOOLS SETUP.EXE


thanks and hope I haven't complicated anything

Edited by richoss, 30 May 2012 - 07:38 PM.


#13 richoss

Posted 31 May 2012 - 03:25 AM

ok I downloaded the new mbam and it found 1 more infection

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Richard :: RICHARD-PC [administrator]

31/05/2012 16:30:34
mbam-log-2012-05-31 (16-30-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 43183
Time elapsed: 4 minute(s), 52 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Richard\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)



also downloaded an updated superantispyware and running it now, it has found a heur.agent/gen-whitebox so far, still hasn't finished the scan



hey Mole do you know a way to check my thunderbird account to make sure someone is not using it or my address to send spam?

thanks for your help so far

#14 m0le

Posted 31 May 2012 - 04:57 PM

It's not easy to check hacking on an account so the best option is to change passwords using a clean computer.

Anytime you encounter a malware infection on your computer or believe it has been hacked, especially if that computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer as a precaution, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.

There's been some malware of some kind on your machine but I don't see anything really dangerous which would have caused the hack on your email.

Can you try aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#15 richoss

Posted 01 June 2012 - 12:08 AM

thanks for that

1 post was highlighted yellow

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-01 13:32:48
-----------------------------
13:32:48.322 OS Version: Windows 6.1.7601 Service Pack 1
13:32:48.322 Number of processors: 4 586 0x170A
13:32:48.322 ComputerName: RICHARD-PC UserName: Richard
13:32:49.119 Initialize success
14:54:43.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:54:43.495 Disk 0 Vendor: WDC_WD3200AAKS-00UU3A0 01.03B01 Size: 305244MB BusType: 3
14:54:43.510 Disk 0 MBR read successfully
14:54:43.510 Disk 0 MBR scan
14:54:43.510 Disk 0 Windows 7 default MBR code
14:54:43.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:54:43.526 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305142 MB offset 206848
14:54:43.526 Disk 0 scanning sectors +625137664
14:54:43.604 Disk 0 scanning C:\Windows\system32\drivers
14:54:49.526 Service scanning
14:54:54.401 Service MpKsl64155977 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5385C67A-8A39-45D9-BEA1-41D7A33520FD}\MpKsl64155977.sys **LOCKED** 32
14:55:01.385 Modules scanning
14:55:08.151 Disk 0 trace - called modules:
14:55:08.166 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:55:08.166 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8621faa0]
14:55:08.166 3 CLASSPNP.SYS[8c66959e] -> nt!IofCallDriver -> [0x85ce1900]
14:55:08.166 5 ACPI.sys[8be373d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85cf9908]
14:55:08.166 Scan finished successfully
15:03:22.175 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Documents\MBR.dat"
15:03:22.238 The log file has been saved successfully to "C:\Users\Richard\Documents\aswMBR new log 1.6.12.txt"



this is the yellow file that was highlighted

14:54:54.401 Service MpKsl64155977 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5385C67A-8A39-45D9-BEA1-41D7A33520FD}\MpKsl64155977.sys **LOCKED** 32

thanks man

Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.

Damn, didn't know to let the bank know of a possible breach and saying goodbye to my savings.



