virus infection


  • This topic is locked
61 replies to this topic

#1 fzx

fzx

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 19 June 2012 - 01:06 PM

Hello, I am having some problems removing a virus. I'm using Vista 32-bit.
Attached are some log files.
GMER stopped working.

Attached Files


Edited by fzx, 19 June 2012 - 01:27 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:01 AM

Posted 21 June 2012 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If you have CD emulator software (Daemon Tools, Alcohol, etc.) installed, the drivers this software uses can interfere with the anti-rootkit tools we use. This interference can take a few forms, like GMER crashing or causing BSODs, or rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious rootkits and the legitimate drivers used by CD emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
=====

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed.
The scan will also create an Attach.txt log; I would also like to see its content.
Please post it in another post for my review; do not attach the file.


Please post the logs for my review.
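
A triage pass over the kind of TDSSKiller report requested above, as an added example that is not part of the original thread and is not TDSSKiller's own code. It assumes the line layout seen in reports of this type (`time thread-id name (md5) path`, followed by a `name - status` line); the function names and the sample lines are constructed for illustration. It lists every object whose status is not `ok` and, separately, any service or driver whose image sits in a temp directory, which deserves review even when the scanner reports it as `ok`.

```python
import re

# "<hh:mm:ss.ffff> <thread id> <rest of line>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<name> (<32 hex digit hash>) <image path>"  (names may contain spaces)
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok"   or   "<name> ( <verdict> ) - warning"
STATUS = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+?) \))? - (?P<status>[a-z]+)$"
)
# Heuristic (an assumption of this example): a temp directory in the image path.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_report(text):
    """Return {name: entry} in log order, joining object and status lines."""
    entries = {}
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        rest = m.group(1).strip()
        obj = OBJECT.match(rest)
        if obj:
            entries[obj["name"]] = {
                "name": obj["name"],
                "md5": obj["md5"].lower(),
                "path": obj["path"],
                "status": None,
                "verdict": None,
            }
            continue
        st = STATUS.match(rest)
        if st:
            # Some objects have no file line at all, only a status line.
            entry = entries.setdefault(
                st["name"],
                {"name": st["name"], "md5": None, "path": None,
                 "status": None, "verdict": None},
            )
            entry["status"] = st["status"]
            entry["verdict"] = st["verdict"]
    return entries


def triage(text):
    """Return (name, path, reasons) for every entry that needs a human look."""
    findings = []
    for entry in parse_report(text).values():
        reasons = []
        if entry["status"] not in (None, "ok"):
            reason = "status=" + entry["status"]
            if entry["verdict"]:
                reason += " (" + entry["verdict"] + ")"
            reasons.append(reason)
        if entry["path"] and TEMP_DIR.search(entry["path"]):
            reasons.append("image path in a temp directory")
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


# Constructed sample lines in the report layout (not taken from a real scan).
SAMPLE = r"""
10:00:00.0001 1000 Scan started
10:00:00.0100 1000 ExampleDrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledrv.sys
10:00:00.0200 1000 ExampleDrv - ok
10:00:00.0300 1000 NoFileSvc - ok
10:00:00.0400 1000 Example Agent (ffeeddccbbaa99887766554433221100) C:\Program Files\Example\agent.exe
10:00:00.0500 1000 Example Agent ( UnsignedFile.Multi.Generic ) - warning
10:00:00.0500 1000 Example Agent - detected UnsignedFile.Multi.Generic (1)
10:00:00.0600 1000 TmpSvc (0123456789abcdef0123456789abcdef) C:\Users\user\AppData\Local\Temp\tmpsvc.sys
10:00:00.0700 1000 TmpSvc - ok
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(name, "|", path, "|", "; ".join(reasons))
```

An unsigned-file warning is a prompt for review rather than a verdict, which matches the tool's default action of Skip for suspicious files described above.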

#3 fzx

fzx
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 21 June 2012 - 03:40 PM

I ran everything in safe mode.
I don't think DeFogger worked, so I uninstalled my CD emulation software.
Here's the log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:28 on 21/06/2012 (acer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Here's the TDSSKiller log:
20:36:02.0533 1240 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:36:04.0545 1240 ============================================================
20:36:04.0545 1240 Current date / time: 2012/06/21 20:36:04.0545
20:36:04.0545 1240 SystemInfo:
20:36:04.0545 1240
20:36:04.0545 1240 OS Version: 6.0.6002 ServicePack: 2.0
20:36:04.0545 1240 Product type: Workstation
20:36:04.0545 1240 ComputerName: FX-PC
20:36:04.0545 1240 UserName: acer
20:36:04.0545 1240 Windows directory: C:\Windows
20:36:04.0545 1240 System windows directory: C:\Windows
20:36:04.0545 1240 Processor architecture: Intel x86
20:36:04.0545 1240 Number of processors: 2
20:36:04.0545 1240 Page size: 0x1000
20:36:04.0545 1240 Boot type: Safe boot with network
20:36:04.0545 1240 ============================================================
20:36:04.0982 1240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:36:05.0309 1240 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:36:05.0309 1240 ============================================================
20:36:05.0309 1240 \Device\Harddisk0\DR0:
20:36:05.0309 1240 MBR partitions:
20:36:05.0309 1240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x381F0000
20:36:05.0309 1240 \Device\Harddisk1\DR1:
20:36:05.0309 1240 MBR partitions:
20:36:05.0309 1240 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
20:36:05.0309 1240 ============================================================
20:36:05.0387 1240 C: <-> \Device\Harddisk0\DR0\Partition0
20:36:05.0403 1240 D: <-> \Device\Harddisk1\DR1\Partition0
20:36:05.0403 1240 ============================================================
20:36:05.0403 1240 Initialize success
20:36:05.0403 1240 ============================================================
20:36:10.0535 1964 ============================================================
20:36:10.0535 1964 Scan started
20:36:10.0535 1964 Mode: Manual; SigCheck; TDLFS;
20:36:10.0535 1964 ============================================================
20:36:10.0972 1964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:36:11.0097 1964 ACPI - ok
20:36:11.0191 1964 AcrSch2Svc - ok
20:36:11.0253 1964 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:36:11.0269 1964 AdobeARMservice - ok
20:36:11.0362 1964 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:36:11.0378 1964 AdobeFlashPlayerUpdateSvc - ok
20:36:11.0425 1964 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:36:11.0440 1964 adp94xx - ok
20:36:11.0487 1964 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:36:11.0503 1964 adpahci - ok
20:36:11.0534 1964 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:36:11.0549 1964 adpu160m - ok
20:36:11.0549 1964 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:36:11.0565 1964 adpu320 - ok
20:36:11.0596 1964 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:36:21.0689 1964 AeLookupSvc - ok
20:36:21.0705 1964 afcdp - ok
20:36:21.0830 1964 afcdpsrv - ok
20:36:21.0877 1964 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:36:21.0970 1964 AFD - ok
20:36:22.0033 1964 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
20:36:22.0079 1964 AgereModemAudio - ok
20:36:22.0157 1964 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
20:36:22.0313 1964 AgereSoftModem - ok
20:36:22.0376 1964 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:36:22.0391 1964 agp440 - ok
20:36:22.0438 1964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:36:22.0454 1964 aic78xx - ok
20:36:22.0501 1964 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\drivers\AlfaFF.sys
20:36:22.0532 1964 AlfaFF - ok
20:36:22.0547 1964 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:36:22.0657 1964 ALG - ok
20:36:22.0703 1964 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:36:22.0703 1964 aliide - ok
20:36:22.0719 1964 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:36:22.0735 1964 amdagp - ok
20:36:22.0735 1964 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:36:22.0750 1964 amdide - ok
20:36:22.0766 1964 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:36:22.0813 1964 AmdK7 - ok
20:36:22.0828 1964 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:36:22.0875 1964 AmdK8 - ok
20:36:22.0937 1964 ApfiltrService (91b05bbb609c79d73e2332b6e5f99aea) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:36:22.0953 1964 ApfiltrService - ok
20:36:23.0047 1964 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:36:23.0093 1964 Appinfo - ok
20:36:23.0187 1964 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:36:23.0203 1964 arc - ok
20:36:23.0203 1964 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:36:23.0218 1964 arcsas - ok
20:36:23.0218 1964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:36:23.0281 1964 AsyncMac - ok
20:36:23.0359 1964 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:36:23.0359 1964 atapi - ok
20:36:23.0437 1964 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:36:23.0499 1964 AudioEndpointBuilder - ok
20:36:23.0499 1964 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:36:23.0515 1964 Audiosrv - ok
20:36:23.0593 1964 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:36:23.0624 1964 b57nd60x - ok
20:36:23.0655 1964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:36:23.0686 1964 Beep - ok
20:36:23.0749 1964 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:36:23.0889 1964 BFE - ok
20:36:24.0217 1964 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
20:36:24.0310 1964 BHDrvx86 - ok
20:36:24.0435 1964 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:36:24.0607 1964 BITS - ok
20:36:24.0669 1964 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:36:24.0700 1964 blbdrive - ok
20:36:24.0809 1964 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:36:24.0825 1964 bowser - ok
20:36:24.0887 1964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:36:24.0934 1964 BrFiltLo - ok
20:36:24.0950 1964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:36:24.0981 1964 BrFiltUp - ok
20:36:25.0012 1964 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:36:25.0059 1964 Browser - ok
20:36:25.0075 1964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:36:25.0231 1964 Brserid - ok
20:36:25.0262 1964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:36:25.0309 1964 BrSerWdm - ok
20:36:25.0340 1964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:36:25.0418 1964 BrUsbMdm - ok
20:36:25.0418 1964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:36:25.0480 1964 BrUsbSer - ok
20:36:25.0496 1964 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:36:25.0589 1964 BTHMODEM - ok
20:36:25.0808 1964 catchme - ok
20:36:25.0901 1964 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
20:36:25.0901 1964 ccSet_NIS - ok
20:36:25.0964 1964 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:36:25.0995 1964 cdfs - ok
20:36:26.0042 1964 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:36:26.0073 1964 cdrom - ok
20:36:26.0151 1964 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:36:26.0182 1964 CertPropSvc - ok
20:36:26.0229 1964 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:36:26.0260 1964 circlass - ok
20:36:26.0307 1964 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:36:26.0338 1964 CLFS - ok
20:36:26.0510 1964 CLHNService (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
20:36:26.0525 1964 CLHNService - ok
20:36:26.0619 1964 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:36:26.0635 1964 clr_optimization_v2.0.50727_32 - ok
20:36:26.0744 1964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:36:26.0791 1964 clr_optimization_v4.0.30319_32 - ok
20:36:26.0853 1964 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:36:26.0884 1964 CmBatt - ok
20:36:26.0962 1964 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:36:26.0962 1964 cmdide - ok
20:36:27.0009 1964 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:36:27.0025 1964 Compbatt - ok
20:36:27.0025 1964 COMSysApp - ok
20:36:27.0087 1964 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:36:27.0087 1964 crcdisk - ok
20:36:27.0103 1964 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:36:27.0149 1964 Crusoe - ok
20:36:27.0181 1964 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:36:27.0227 1964 CryptSvc - ok
20:36:27.0290 1964 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:36:27.0399 1964 DcomLaunch - ok
20:36:27.0461 1964 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:36:27.0493 1964 DfsC - ok
20:36:27.0680 1964 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:36:27.0836 1964 DFSR - ok
20:36:27.0992 1964 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:36:28.0085 1964 Dhcp - ok
20:36:28.0148 1964 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:36:28.0163 1964 disk - ok
20:36:28.0210 1964 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:36:28.0210 1964 DKbFltr - ok
20:36:28.0273 1964 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:36:28.0319 1964 Dnscache - ok
20:36:28.0366 1964 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:36:28.0429 1964 dot3svc - ok
20:36:28.0522 1964 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:36:28.0585 1964 DPS - ok
20:36:28.0600 1964 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:36:28.0631 1964 drmkaud - ok
20:36:28.0694 1964 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:36:28.0709 1964 DXGKrnl - ok
20:36:28.0741 1964 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:36:28.0772 1964 E1G60 - ok
20:36:28.0834 1964 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:36:28.0865 1964 EapHost - ok
20:36:29.0131 1964 EaseUS Agent (1428af5504e8d8b353f5136bdecc20cc) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
20:36:29.0146 1964 EaseUS Agent - ok
20:36:29.0177 1964 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:36:29.0193 1964 Ecache - ok
20:36:29.0318 1964 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:36:29.0349 1964 eeCtrl - ok
20:36:29.0349 1964 efavdrv - ok
20:36:29.0458 1964 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:36:29.0536 1964 ehRecvr - ok
20:36:29.0552 1964 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:36:29.0583 1964 ehSched - ok
20:36:29.0599 1964 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:36:29.0614 1964 ehstart - ok
20:36:29.0661 1964 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:36:29.0677 1964 elxstor - ok
20:36:29.0833 1964 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:36:29.0895 1964 EMDMgmt - ok
20:36:30.0051 1964 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:36:30.0051 1964 EraserUtilRebootDrv - ok
20:36:30.0145 1964 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:36:30.0176 1964 ErrDev - ok
20:36:30.0285 1964 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
20:36:30.0301 1964 esgiguard - ok
20:36:30.0566 1964 esihdrv - ok
20:36:30.0613 1964 EUBAKUP (61c0226b938c35371ab0228834ef087f) C:\Windows\system32\drivers\eubakup.sys
20:36:30.0628 1964 EUBAKUP - ok
20:36:30.0644 1964 EUBKMON (c0c90df6e674fe6944f75d42e38e09fe) C:\Windows\system32\drivers\EUBKMON.sys
20:36:30.0659 1964 EUBKMON - ok
20:36:30.0675 1964 EUDSKACS (070a738258abac3918897ba4b16e0c30) C:\Windows\system32\drivers\eudskacs.sys
20:36:30.0691 1964 EUDSKACS - ok
20:36:30.0737 1964 EUFDDISK (ca8e59615f7d2243b567ded4f9647d5f) C:\Windows\system32\drivers\EuFdDisk.sys
20:36:30.0737 1964 EUFDDISK - ok
20:36:30.0831 1964 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:36:30.0909 1964 EventSystem - ok
20:36:31.0112 1964 EvtEng (54b6e150bff4a47eb0d204119d262e46) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:36:31.0190 1964 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:36:31.0190 1964 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:36:31.0237 1964 ewusbnet (e1556af3fb0284c32896b9ac8494d9c2) C:\Windows\system32\DRIVERS\ewusbnet.sys
20:36:31.0315 1964 ewusbnet - ok
20:36:31.0346 1964 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:36:31.0377 1964 ew_hwusbdev - ok
20:36:31.0408 1964 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
20:36:31.0455 1964 ew_usbenumfilter - ok
20:36:31.0517 1964 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:36:31.0564 1964 exfat - ok
20:36:31.0611 1964 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:36:31.0642 1964 fastfat - ok
20:36:31.0689 1964 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:36:31.0736 1964 fdc - ok
20:36:31.0783 1964 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:36:31.0814 1964 fdPHost - ok
20:36:31.0814 1964 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:36:31.0876 1964 FDResPub - ok
20:36:31.0907 1964 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:36:31.0923 1964 FileInfo - ok
20:36:32.0110 1964 FileMonitor (47b91551fe7489a323baf4904cad757a) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
20:36:32.0126 1964 FileMonitor - ok
20:36:32.0188 1964 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:36:32.0204 1964 Filetrace - ok
20:36:32.0219 1964 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:36:32.0266 1964 flpydisk - ok
20:36:32.0329 1964 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:36:32.0344 1964 FltMgr - ok
20:36:32.0407 1964 fltsrv (17119d86fb4a43a99bf5242dd3038394) C:\Windows\system32\DRIVERS\fltsrv.sys
20:36:32.0422 1964 fltsrv - ok
20:36:32.0500 1964 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:36:32.0594 1964 FontCache - ok
20:36:32.0687 1964 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:36:32.0687 1964 FontCache3.0.0.0 - ok
20:36:32.0750 1964 FPSensor (140c20d2ef25993e66e9d60e66977f3e) C:\Windows\system32\Drivers\FPSensor.sys
20:36:32.0750 1964 FPSensor - ok
20:36:32.0828 1964 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:36:32.0859 1964 Fs_Rec - ok
20:36:32.0921 1964 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:36:32.0937 1964 gagp30kx - ok
20:36:33.0015 1964 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:36:33.0140 1964 gpsvc - ok
20:36:33.0421 1964 Guard Agent (922d79bfe60e6277daa15dfd2a751f4d) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
20:36:33.0436 1964 Guard Agent - ok
20:36:33.0467 1964 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:36:33.0530 1964 HdAudAddService - ok
20:36:33.0592 1964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:36:33.0639 1964 HDAudBus - ok
20:36:33.0701 1964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:36:33.0748 1964 HidBth - ok
20:36:33.0748 1964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:36:33.0826 1964 HidIr - ok
20:36:33.0889 1964 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:36:33.0982 1964 hidserv - ok
20:36:33.0998 1964 hidshim (7f7e5e98cefed8a10f7e56810ea7b6df) C:\Windows\system32\DRIVERS\hidshim.sys
20:36:34.0013 1964 hidshim - ok
20:36:34.0045 1964 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:36:34.0060 1964 HidUsb - ok
20:36:34.0091 1964 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:36:34.0123 1964 hkmsvc - ok
20:36:34.0185 1964 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:36:34.0201 1964 HpCISSs - ok
20:36:34.0279 1964 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:36:34.0372 1964 HTTP - ok
20:36:34.0419 1964 hwdatacard (a89423d0132c8ab69ba621b6ce191714) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:36:34.0450 1964 hwdatacard - ok
20:36:34.0715 1964 HYNSUCEEZUWMO (be1f516898dec9819369cc95b168deea) C:\Users\acer\AppData\Local\Temp\HYNSUCEEZUWMO.exe
20:36:34.0778 1964 HYNSUCEEZUWMO ( UnsignedFile.Multi.Generic ) - warning
20:36:34.0778 1964 HYNSUCEEZUWMO - detected UnsignedFile.Multi.Generic (1)
20:36:34.0856 1964 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:36:34.0856 1964 i2omp - ok
20:36:34.0918 1964 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:36:34.0949 1964 i8042prt - ok
20:36:35.0027 1964 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
20:36:35.0027 1964 iaStor - ok
20:36:35.0105 1964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:36:35.0121 1964 iaStorV - ok
20:36:35.0183 1964 IDMWFP (8dc6f8a868b06f7b21c5683053509c8f) C:\Windows\system32\DRIVERS\idmwfp.sys
20:36:35.0183 1964 IDMWFP - ok
20:36:35.0339 1964 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:36:35.0417 1964 idsvc - ok
20:36:35.0792 1964 IDSVix86 (f9069ce7a7b9f9ba75d009b0ce3d7601) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvix86.sys
20:36:35.0807 1964 IDSVix86 - ok
20:36:36.0119 1964 IGBASVC (ea282b193d3a6b0a64085ad71b0817b0) c:\Program Files\Acer Bio Protection\BASVC.exe
20:36:36.0322 1964 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
20:36:36.0322 1964 IGBASVC - detected UnsignedFile.Multi.Generic (1)
20:36:36.0416 1964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:36:36.0431 1964 iirsp - ok
20:36:36.0525 1964 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:36:36.0650 1964 IKEEXT - ok
20:36:36.0899 1964 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
20:36:36.0946 1964 IMFservice - ok
20:36:37.0024 1964 ImmunetProtectDriver (47d2529f984ca5d812824f5222f4d1e6) C:\Windows\system32\DRIVERS\ImmunetProtect.sys
20:36:37.0024 1964 ImmunetProtectDriver - ok
20:36:37.0055 1964 ImmunetSelfProtectDriver (85c9286e2f09947d4ba32f17f518a20f) C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
20:36:37.0071 1964 ImmunetSelfProtectDriver - ok
20:36:37.0133 1964 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) c:\Windows\system32\drivers\int15.sys
20:36:37.0133 1964 int15 ( UnsignedFile.Multi.Generic ) - warning
20:36:37.0133 1964 int15 - detected UnsignedFile.Multi.Generic (1)
20:36:37.0149 1964 IntcAzAudAddService - ok
20:36:37.0180 1964 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:36:37.0196 1964 intelide - ok
20:36:37.0211 1964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:36:37.0305 1964 intelppm - ok
20:36:37.0352 1964 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:36:37.0383 1964 IPBusEnum - ok
20:36:37.0430 1964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:37.0461 1964 IpFilterDriver - ok
20:36:37.0539 1964 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:36:37.0617 1964 iphlpsvc - ok
20:36:37.0633 1964 IpInIp - ok
20:36:37.0711 1964 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:36:37.0742 1964 IPMIDRV - ok
20:36:37.0742 1964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:36:37.0773 1964 IPNAT - ok
20:36:37.0804 1964 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
20:36:37.0820 1964 irda - ok
20:36:37.0820 1964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:36:37.0851 1964 IRENUM - ok
20:36:37.0898 1964 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
20:36:37.0960 1964 Irmon - ok
20:36:37.0960 1964 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:36:37.0976 1964 isapnp - ok
20:36:38.0038 1964 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:36:38.0054 1964 iScsiPrt - ok
20:36:38.0054 1964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:36:38.0069 1964 iteatapi - ok
20:36:38.0069 1964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:36:38.0085 1964 iteraid - ok
20:36:38.0132 1964 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
20:36:38.0179 1964 k57nd60x - ok
20:36:38.0194 1964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:36:38.0194 1964 kbdclass - ok
20:36:38.0257 1964 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:36:38.0288 1964 kbdhid - ok
20:36:38.0381 1964 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:36:38.0397 1964 KeyIso - ok
20:36:38.0459 1964 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:36:38.0475 1964 KSecDD - ok
20:36:38.0553 1964 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:36:38.0600 1964 KtmRm - ok
20:36:38.0662 1964 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:36:38.0709 1964 LanmanServer - ok
20:36:38.0756 1964 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:36:38.0803 1964 LanmanWorkstation - ok
20:36:39.0037 1964 Live Updater Service (93b73ded2bc688f140c6ae2fbad45789) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:36:39.0099 1964 Live Updater Service - ok
20:36:39.0161 1964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:36:39.0177 1964 lltdio - ok
20:36:39.0255 1964 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:36:39.0317 1964 lltdsvc - ok
20:36:39.0380 1964 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:36:39.0427 1964 lmhosts - ok
20:36:39.0473 1964 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:36:39.0489 1964 LSI_FC - ok
20:36:39.0505 1964 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:36:39.0520 1964 LSI_SAS - ok
20:36:39.0536 1964 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:36:39.0551 1964 LSI_SCSI - ok
20:36:39.0583 1964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:36:39.0614 1964 luafv - ok
20:36:39.0723 1964 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
20:36:39.0754 1964 MatSvc - ok
20:36:39.0801 1964 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
20:36:39.0817 1964 MBAMSwissArmy - ok
20:36:39.0817 1964 mcdbus - ok
20:36:39.0879 1964 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:36:39.0926 1964 Mcx2Svc - ok
20:36:39.0973 1964 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:36:39.0988 1964 megasas - ok
20:36:40.0051 1964 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:36:40.0066 1964 MegaSR - ok
20:36:40.0363 1964 MFE_RR (307ad17f3d4dfc34629533a1ce1fcd6b) C:\Users\acer\AppData\Local\Temp\mfe_rr.sys
20:36:40.0378 1964 MFE_RR - ok
20:36:40.0394 1964 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:36:40.0425 1964 MMCSS - ok
20:36:40.0472 1964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:36:40.0503 1964 Modem - ok
20:36:40.0550 1964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:36:40.0597 1964 monitor - ok
20:36:40.0628 1964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:36:40.0643 1964 mouclass - ok
20:36:40.0643 1964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:36:40.0675 1964 mouhid - ok
20:36:40.0737 1964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:36:40.0753 1964 MountMgr - ok
20:36:40.0893 1964 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:36:40.0909 1964 MozillaMaintenance - ok
20:36:40.0971 1964 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:36:40.0971 1964 mpio - ok
20:36:41.0033 1964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:36:41.0065 1964 mpsdrv - ok
20:36:41.0158 1964 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:36:41.0221 1964 MpsSvc - ok
20:36:41.0221 1964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:36:41.0236 1964 Mraid35x - ok
20:36:41.0299 1964 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:36:41.0314 1964 MRxDAV - ok
20:36:41.0330 1964 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:41.0361 1964 mrxsmb - ok
20:36:41.0423 1964 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:41.0470 1964 mrxsmb10 - ok
20:36:41.0486 1964 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:41.0501 1964 mrxsmb20 - ok
20:36:41.0533 1964 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:36:41.0548 1964 msahci - ok
20:36:41.0595 1964 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:36:41.0595 1964 msdsm - ok
20:36:41.0673 1964 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:36:41.0767 1964 MSDTC - ok
20:36:41.0798 1964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:36:41.0845 1964 Msfs - ok
20:36:41.0876 1964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:36:41.0876 1964 msisadrv - ok
20:36:41.0938 1964 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:36:41.0969 1964 MSiSCSI - ok
20:36:42.0001 1964 msiserver - ok
20:36:42.0016 1964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:36:42.0032 1964 MSKSSRV - ok
20:36:42.0063 1964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:42.0094 1964 MSPCLOCK - ok
20:36:42.0125 1964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:36:42.0141 1964 MSPQM - ok
20:36:42.0203 1964 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:36:42.0219 1964 MsRPC - ok
20:36:42.0250 1964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:36:42.0266 1964 mssmbios - ok
20:36:42.0515 1964 MSSQL$MICROSOFTSCM - ok
20:36:42.0609 1964 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:36:42.0625 1964 MSSQLServerADHelper100 - ok
20:36:42.0687 1964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:36:42.0703 1964 MSTEE - ok
20:36:42.0765 1964 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:36:42.0781 1964 Mup - ok
20:36:42.0827 1964 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:36:42.0827 1964 mwlPSDFilter - ok
20:36:42.0859 1964 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:36:42.0874 1964 mwlPSDNServ - ok
20:36:42.0952 1964 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:36:42.0952 1964 mwlPSDVDisk - ok
20:36:43.0061 1964 MWLService (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
20:36:43.0139 1964 MWLService - ok
20:36:43.0171 1964 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:36:43.0295 1964 napagent - ok
20:36:43.0405 1964 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:36:43.0405 1964 NativeWifiP - ok
20:36:43.0654 1964 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120620.034\NAVENG.SYS
20:36:43.0654 1964 NAVENG - ok
20:36:43.0763 1964 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120620.034\NAVEX15.SYS
20:36:43.0888 1964 NAVEX15 - ok
20:36:44.0029 1964 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:36:44.0044 1964 NDIS - ok
20:36:44.0325 1964 NDISKIO - ok
20:36:44.0372 1964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:44.0403 1964 NdisTapi - ok
20:36:44.0465 1964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:44.0481 1964 Ndisuio - ok
20:36:44.0528 1964 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:44.0606 1964 NdisWan - ok
20:36:44.0684 1964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:36:44.0699 1964 NDProxy - ok
20:36:44.0746 1964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:36:44.0777 1964 NetBIOS - ok
20:36:44.0809 1964 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:36:44.0840 1964 netbt - ok
20:36:44.0902 1964 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:36:44.0918 1964 Netlogon - ok
20:36:44.0965 1964 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:36:45.0121 1964 Netman - ok
20:36:45.0199 1964 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:36:45.0245 1964 netprofm - ok
20:36:45.0355 1964 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:36:45.0355 1964 NetTcpPortSharing - ok
20:36:45.0635 1964 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:36:45.0994 1964 NETw5v32 - ok
20:36:46.0119 1964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:36:46.0135 1964 nfrd960 - ok
20:36:46.0369 1964 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
20:36:46.0369 1964 NIS - ok
20:36:46.0493 1964 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:36:46.0571 1964 NlaSvc - ok
20:36:46.0649 1964 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:36:46.0665 1964 Npfs - ok
20:36:46.0915 1964 NQEBZW (82f6f4a317bd71c21100c11d23b46955) C:\Users\acer\AppData\Local\Temp\NQEBZW.exe
20:36:47.0008 1964 NQEBZW ( UnsignedFile.Multi.Generic ) - warning
20:36:47.0008 1964 NQEBZW - detected UnsignedFile.Multi.Generic (1)
20:36:47.0039 1964 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
20:36:47.0086 1964 NSCIRDA - ok
20:36:47.0133 1964 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:36:47.0164 1964 nsi - ok
20:36:47.0227 1964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:36:47.0242 1964 nsiproxy - ok
20:36:47.0336 1964 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:36:47.0445 1964 Ntfs - ok
20:36:47.0679 1964 NTI IScheduleSvc (6e117af551f4325c3538ffc5d752d43b) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
20:36:47.0695 1964 NTI IScheduleSvc - ok
20:36:47.0773 1964 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:36:47.0788 1964 NTIBackupSvc - ok
20:36:47.0835 1964 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
20:36:47.0851 1964 NTIDrvr - ok
20:36:47.0866 1964 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:36:47.0882 1964 NTISchedulerSvc - ok
20:36:47.0929 1964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:36:47.0975 1964 ntrigdigi - ok
20:36:47.0975 1964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:36:47.0991 1964 Null - ok
20:36:48.0038 1964 nuvotonhidgeneric (85d8845b7b6a434b7ce35723bf0e5c57) C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
20:36:48.0116 1964 nuvotonhidgeneric - ok
20:36:48.0116 1964 NVHDA - ok
20:36:48.0615 1964 nvlddmkm (7faa756fefdd371745c88f8ae3141f0f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:36:48.0911 1964 nvlddmkm - ok
20:36:49.0021 1964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:36:49.0036 1964 nvraid - ok
20:36:49.0036 1964 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:36:49.0052 1964 nvstor - ok
20:36:49.0130 1964 nvsvc (4cb7bca1918eb21bee0140ac6c69e481) C:\Windows\system32\nvvsvc.exe
20:36:49.0145 1964 nvsvc - ok
20:36:49.0286 1964 nvtark (f8927d691aba3e86effc918507ef00ba) C:\Program Files\NoVirusThanks\Anti-Rootkit (Free Edition)\nvtark.sys
20:36:49.0301 1964 nvtark ( UnsignedFile.Multi.Generic ) - warning
20:36:49.0301 1964 nvtark - detected UnsignedFile.Multi.Generic (1)
20:36:49.0333 1964 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:36:49.0348 1964 nv_agp - ok
20:36:49.0364 1964 NwlnkFlt - ok
20:36:49.0364 1964 NwlnkFwd - ok
20:36:49.0473 1964 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:36:49.0535 1964 odserv - ok
20:36:49.0598 1964 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:36:49.0613 1964 ohci1394 - ok
20:36:49.0676 1964 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:36:49.0691 1964 ose - ok
20:36:49.0801 1964 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:36:49.0894 1964 p2pimsvc - ok
20:36:49.0910 1964 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:36:49.0925 1964 p2psvc - ok
20:36:49.0957 1964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:36:49.0988 1964 Parport - ok
20:36:50.0003 1964 Partizan - ok
20:36:50.0066 1964 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:36:50.0081 1964 partmgr - ok
20:36:50.0113 1964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:36:50.0159 1964 Parvdm - ok
20:36:50.0206 1964 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:36:50.0237 1964 PcaSvc - ok
20:36:50.0284 1964 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:36:50.0300 1964 pci - ok
20:36:50.0347 1964 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:36:50.0362 1964 pciide - ok
20:36:50.0393 1964 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
20:36:50.0409 1964 pcmcia - ok
20:36:50.0471 1964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:36:50.0549 1964 PEAUTH - ok
20:36:50.0690 1964 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:36:50.0830 1964 pla - ok
20:36:50.0955 1964 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:36:51.0017 1964 PlugPlay - ok
20:36:51.0127 1964 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:36:51.0142 1964 PNRPAutoReg - ok
20:36:51.0158 1964 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:36:51.0173 1964 PNRPsvc - ok
20:36:51.0236 1964 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:36:51.0361 1964 PolicyAgent - ok
20:36:51.0454 1964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:36:51.0485 1964 PptpMiniport - ok
20:36:51.0532 1964 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:36:51.0548 1964 Processor - ok
20:36:51.0610 1964 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:36:51.0641 1964 ProfSvc - ok
20:36:51.0688 1964 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:36:51.0704 1964 ProtectedStorage - ok
20:36:51.0751 1964 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:36:51.0766 1964 PSched - ok
20:36:51.0844 1964 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
20:36:51.0844 1964 PSI - ok
20:36:51.0860 1964 qhpbzs - ok
20:36:51.0969 1964 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:36:52.0094 1964 ql2300 - ok
20:36:52.0125 1964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:36:52.0141 1964 ql40xx - ok
20:36:52.0281 1964 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:36:52.0390 1964 QWAVE - ok
20:36:52.0421 1964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:36:52.0453 1964 QWAVEdrv - ok
20:36:52.0453 1964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:36:52.0484 1964 RasAcd - ok
20:36:52.0499 1964 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:36:52.0562 1964 RasAuto - ok
20:36:52.0593 1964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:52.0609 1964 Rasl2tp - ok
20:36:52.0671 1964 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:36:52.0702 1964 RasMan - ok
20:36:52.0749 1964 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:52.0780 1964 RasPppoe - ok
20:36:52.0843 1964 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:36:52.0858 1964 RasSstp - ok
20:36:52.0936 1964 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:36:52.0952 1964 rdbss - ok
20:36:53.0030 1964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:53.0061 1964 RDPCDD - ok
20:36:53.0123 1964 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:36:53.0155 1964 rdpdr - ok
20:36:53.0155 1964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:36:53.0186 1964 RDPENCDD - ok
20:36:53.0217 1964 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:36:53.0279 1964 RDPWD - ok
20:36:53.0420 1964 RegFilter (d4cad048397ef2ab5cc7b918c54910eb) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
20:36:53.0435 1964 RegFilter - ok
20:36:53.0513 1964 RegSrvc (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:36:53.0623 1964 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:36:53.0623 1964 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:36:53.0701 1964 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:36:53.0716 1964 RemoteAccess - ok
20:36:53.0779 1964 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:36:53.0841 1964 RemoteRegistry - ok
20:36:53.0903 1964 rkhdrv40 (ba96e9fc124585f4cbec11416d85dc1e) C:\Windows\system32\drivers\rkhdrv40.sys
20:36:53.0919 1964 rkhdrv40 ( UnsignedFile.Multi.Generic ) - warning
20:36:53.0919 1964 rkhdrv40 - detected UnsignedFile.Multi.Generic (1)
20:36:53.0935 1964 rootrepeal - ok
20:36:53.0981 1964 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:36:54.0013 1964 RpcLocator - ok
20:36:54.0059 1964 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:36:54.0122 1964 RpcSs - ok
20:36:54.0215 1964 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
20:36:54.0215 1964 RsFx0103 - ok
20:36:54.0278 1964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:36:54.0309 1964 rspndr - ok
20:36:54.0371 1964 rspSanity (42954897224a218d4345e3d65715590a) C:\Windows\system32\DRIVERS\rspSanity32.sys
20:36:54.0387 1964 rspSanity - ok
20:36:54.0527 1964 RS_Service (38494041f19f6cd005b711f5e08fae08) C:\Program Files\Acer\Acer VCM\RS_Service.exe
20:36:54.0574 1964 RS_Service ( UnsignedFile.Multi.Generic ) - warning
20:36:54.0574 1964 RS_Service - detected UnsignedFile.Multi.Generic (1)
20:36:54.0652 1964 RUBotSrv (a0eea6f631349d0e0b7a6caa7e099cb0) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
20:36:54.0699 1964 RUBotSrv - ok
20:36:54.0746 1964 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:36:54.0746 1964 SamSs - ok
20:36:54.0808 1964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:36:54.0824 1964 sbp2port - ok
20:36:54.0949 1964 scan - ok
20:36:55.0058 1964 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:36:55.0073 1964 SCardSvr - ok
20:36:55.0151 1964 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:36:55.0261 1964 Schedule - ok
20:36:55.0307 1964 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:36:55.0323 1964 SCPolicySvc - ok
20:36:55.0385 1964 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:36:55.0417 1964 sdbus - ok
20:36:55.0479 1964 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:36:55.0526 1964 SDRSVC - ok
20:36:55.0729 1964 SDTHelper (e81d58e1b9b6d1158cb1a9da867179d7) C:\Users\acer\Downloads\Compressed\radix_installer\sdthlpr.sys
20:36:55.0744 1964 SDTHelper ( UnsignedFile.Multi.Generic ) - warning
20:36:55.0744 1964 SDTHelper - detected UnsignedFile.Multi.Generic (1)
20:36:55.0807 1964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:36:55.0853 1964 secdrv - ok
20:36:55.0900 1964 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:36:55.0931 1964 seclogon - ok
20:36:56.0119 1964 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
20:36:56.0259 1964 Secunia PSI Agent - ok
20:36:56.0306 1964 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:36:56.0337 1964 SENS - ok
20:36:56.0399 1964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:36:56.0446 1964 Serenum - ok
20:36:56.0477 1964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:36:56.0524 1964 Serial - ok
20:36:56.0571 1964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:36:56.0602 1964 sermouse - ok
20:36:56.0867 1964 SesamService (ac105dbbb2506a8c7285b628c2b0a3a1) C:\Program Files\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe
20:36:57.0055 1964 SesamService - ok
20:36:57.0211 1964 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:36:57.0226 1964 SessionEnv - ok
20:36:57.0304 1964 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:36:57.0320 1964 sffdisk - ok
20:36:57.0335 1964 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:36:57.0382 1964 sffp_mmc - ok
20:36:57.0398 1964 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:36:57.0413 1964 sffp_sd - ok
20:36:57.0429 1964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:36:57.0491 1964 sfloppy - ok
20:36:57.0538 1964 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:36:57.0585 1964 SharedAccess - ok
20:36:57.0647 1964 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:36:57.0694 1964 ShellHWDetection - ok
20:36:57.0725 1964 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:36:57.0725 1964 sisagp - ok
20:36:57.0741 1964 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:36:57.0741 1964 SiSRaid2 - ok
20:36:57.0788 1964 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:36:57.0803 1964 SiSRaid4 - ok
20:36:58.0037 1964 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:36:58.0209 1964 slsvc - ok
20:36:58.0334 1964 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:36:58.0427 1964 SLUINotify - ok
20:36:58.0505 1964 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:36:58.0537 1964 Smb - ok
20:36:58.0646 1964 snapman (1bc68a9a70f92d5effbf0700ae2d7432) C:\Windows\system32\DRIVERS\snapman.sys
20:36:58.0661 1964 snapman - ok
20:36:58.0708 1964 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:36:58.0724 1964 SNMPTRAP - ok
20:36:58.0755 1964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:36:58.0771 1964 spldr - ok
20:36:58.0833 1964 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:36:58.0864 1964 Spooler - ok
20:36:59.0129 1964 SQLAgent$MICROSOFTSCM (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\SQLAGENT.EXE
20:36:59.0192 1964 SQLAgent$MICROSOFTSCM - ok
20:36:59.0285 1964 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:36:59.0317 1964 SQLBrowser - ok
20:36:59.0379 1964 SQLWriter (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:36:59.0395 1964 SQLWriter - ok
20:36:59.0473 1964 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS
20:36:59.0519 1964 SRTSP - ok
20:36:59.0566 1964 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS
20:36:59.0582 1964 SRTSPX - ok
20:36:59.0644 1964 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:36:59.0707 1964 srv - ok
20:36:59.0738 1964 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:36:59.0769 1964 srv2 - ok
20:36:59.0800 1964 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:36:59.0816 1964 srvnet - ok
20:36:59.0878 1964 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:36:59.0925 1964 SSDPSRV - ok
20:36:59.0956 1964 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:36:59.0972 1964 SstpSvc - ok
20:37:00.0050 1964 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:37:00.0112 1964 stisvc - ok
20:37:00.0159 1964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:37:00.0175 1964 swenum - ok
20:37:00.0237 1964 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:37:00.0299 1964 swprv - ok
20:37:00.0362 1964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:37:00.0362 1964 Symc8xx - ok
20:37:00.0471 1964 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1307010.005\SYMDS.SYS
20:37:00.0487 1964 SymDS - ok
20:37:00.0611 1964 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS
20:37:00.0705 1964 SymEFA - ok
20:37:00.0767 1964 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:37:00.0783 1964 SymEvent - ok
20:37:00.0830 1964 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys
20:37:00.0830 1964 SymIM - ok
20:37:00.0892 1964 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS
20:37:00.0908 1964 SymIRON - ok
20:37:01.0001 1964 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\NIS\1307010.005\SYMTDIV.SYS
20:37:01.0001 1964 SYMTDIv - ok
20:37:01.0064 1964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:37:01.0064 1964 Sym_hi - ok
20:37:01.0079 1964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:37:01.0079 1964 Sym_u3 - ok
20:37:01.0204 1964 syncagentsrv - ok
20:37:01.0267 1964 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:37:01.0345 1964 SysMain - ok
20:37:01.0407 1964 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:37:01.0423 1964 TabletInputService - ok
20:37:01.0501 1964 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:37:01.0563 1964 TapiSrv - ok
20:37:01.0594 1964 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:37:01.0641 1964 TBS - ok
20:37:01.0703 1964 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
20:37:01.0750 1964 Tcpip - ok
20:37:01.0766 1964 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
20:37:01.0797 1964 Tcpip6 - ok
20:37:01.0859 1964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:37:01.0875 1964 tcpipreg - ok
20:37:01.0922 1964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:37:01.0969 1964 TDPIPE - ok
20:37:02.0078 1964 tdrpman (e04ab70501b2ad59da3612c175afd5d7) C:\Windows\system32\DRIVERS\tdrpman.sys
20:37:02.0140 1964 tdrpman - ok
20:37:02.0140 1964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:37:02.0156 1964 TDTCP - ok
20:37:02.0203 1964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:37:02.0234 1964 tdx - ok
20:37:02.0296 1964 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:37:02.0312 1964 TermDD - ok
20:37:02.0405 1964 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:37:02.0499 1964 TermService - ok
20:37:02.0530 1964 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:37:02.0546 1964 Themes - ok
20:37:02.0608 1964 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:37:02.0624 1964 THREADORDER - ok
20:37:02.0702 1964 timounter (4e4ba74565e8300596025fdf8b271cd1) C:\Windows\system32\DRIVERS\timntr.sys
20:37:02.0717 1964 timounter - ok
20:37:02.0749 1964 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:37:02.0780 1964 TrkWks - ok
20:37:02.0889 1964 Trufos (d391f1171a2e3a7080df6faae7a20c0b) C:\Windows\system32\DRIVERS\Trufos.sys
20:37:02.0905 1964 Trufos - ok
20:37:02.0967 1964 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:37:02.0983 1964 TrustedInstaller - ok
20:37:03.0045 1964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:37:03.0076 1964 tssecsrv - ok
20:37:03.0123 1964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:37:03.0154 1964 tunmp - ok
20:37:03.0185 1964 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:37:03.0201 1964 tunnel - ok
20:37:03.0201 1964 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:37:03.0217 1964 uagp35 - ok
20:37:03.0263 1964 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
20:37:03.0263 1964 UBHelper - ok
20:37:03.0310 1964 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:37:03.0326 1964 udfs - ok
20:37:03.0373 1964 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:37:03.0404 1964 UI0Detect - ok
20:37:03.0482 1964 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:37:03.0482 1964 uliagpkx - ok
20:37:03.0560 1964 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:37:03.0575 1964 uliahci - ok
20:37:03.0607 1964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:37:03.0622 1964 UlSata - ok
20:37:03.0638 1964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:37:03.0638 1964 ulsata2 - ok
20:37:03.0700 1964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:37:03.0731 1964 umbus - ok
20:37:03.0809 1964 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:37:03.0887 1964 upnphost - ok
20:37:04.0012 1964 UrlFilter (25135422ac9efa051b6f17420b84e519) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
20:37:04.0028 1964 UrlFilter - ok
20:37:04.0059 1964 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:37:04.0075 1964 usbccgp - ok
20:37:04.0121 1964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:37:04.0153 1964 usbcir - ok
20:37:04.0215 1964 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:37:04.0231 1964 usbehci - ok
20:37:04.0340 1964 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:37:04.0402 1964 usbhub - ok
20:37:04.0433 1964 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:37:04.0480 1964 usbohci - ok
20:37:04.0496 1964 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:37:04.0543 1964 usbprint - ok
20:37:04.0605 1964 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:37:04.0621 1964 USBSTOR - ok
20:37:04.0683 1964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:37:04.0730 1964 usbuhci - ok
20:37:04.0777 1964 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:37:04.0808 1964 usbvideo - ok
20:37:04.0886 1964 utewntax (524d8d450622db4a7875b111c299a76b) C:\Windows\system32\Drivers\utewntax.sys
20:37:04.0917 1964 utewntax ( UnsignedFile.Multi.Generic ) - warning
20:37:04.0917 1964 utewntax - detected UnsignedFile.Multi.Generic (1)
20:37:05.0026 1964 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:37:05.0057 1964 UxSms - ok
20:37:05.0151 1964 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:37:05.0245 1964 vds - ok
20:37:05.0323 1964 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:37:05.0369 1964 vga - ok
20:37:05.0416 1964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:37:05.0447 1964 VgaSave - ok
20:37:05.0510 1964 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:37:05.0510 1964 viaagp - ok
20:37:05.0525 1964 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:37:05.0541 1964 ViaC7 - ok
20:37:05.0557 1964 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:37:05.0557 1964 viaide - ok
20:37:05.0619 1964 vididr (9d71c424898e029e316fa93ad494950e) C:\Windows\system32\DRIVERS\vididr.sys
20:37:05.0635 1964 vididr - ok
20:37:05.0713 1964 vidsflt67 (47ab6ac7635e40f3c55c5a32cc4b86a8) C:\Windows\system32\DRIVERS\vsflt67.sys
20:37:05.0728 1964 vidsflt67 - ok
20:37:05.0791 1964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:37:05.0806 1964 volmgr - ok
20:37:05.0884 1964 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:37:05.0900 1964 volmgrx - ok
20:37:05.0962 1964 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:37:05.0978 1964 volsnap - ok
20:37:06.0025 1964 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:37:06.0025 1964 vsmraid - ok
20:37:06.0149 1964 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:37:06.0274 1964 VSS - ok
20:37:06.0571 1964 VUDTMCFSR (83b29f537a5a45e1e614982440676fde) C:\Users\acer\AppData\Local\Temp\VUDTMCFSR.exe
20:37:06.0617 1964 VUDTMCFSR ( UnsignedFile.Multi.Generic ) - warning
20:37:06.0617 1964 VUDTMCFSR - detected UnsignedFile.Multi.Generic (1)
20:37:06.0742 1964 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:37:06.0820 1964 W32Time - ok
20:37:06.0883 1964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:37:06.0945 1964 WacomPen - ok
20:37:06.0976 1964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:06.0992 1964 Wanarp - ok
20:37:07.0007 1964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:07.0023 1964 Wanarpv6 - ok
20:37:07.0085 1964 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:37:07.0117 1964 wcncsvc - ok
20:37:07.0148 1964 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:37:07.0179 1964 WcsPlugInService - ok
20:37:07.0195 1964 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:37:07.0195 1964 Wd - ok
20:37:07.0257 1964 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
20:37:07.0288 1964 WDC_SAM - ok
20:37:07.0319 1964 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:37:07.0397 1964 Wdf01000 - ok
20:37:07.0444 1964 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:37:07.0475 1964 WdiServiceHost - ok
20:37:07.0491 1964 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:37:07.0507 1964 WdiSystemHost - ok
20:37:07.0585 1964 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:37:07.0631 1964 WebClient - ok
20:37:07.0678 1964 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:37:07.0741 1964 Wecsvc - ok
20:37:07.0787 1964 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:37:07.0803 1964 wercplsupport - ok
20:37:07.0881 1964 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:37:07.0943 1964 WerSvc - ok
20:37:08.0006 1964 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
20:37:08.0006 1964 WimFltr - ok
20:37:08.0146 1964 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:37:08.0209 1964 WinDefend - ok
20:37:08.0240 1964 WinHttpAutoProxySvc - ok
20:37:08.0287 1964 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:37:08.0318 1964 Winmgmt - ok
20:37:08.0427 1964 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:37:08.0521 1964 WinRM - ok
20:37:08.0614 1964 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:37:08.0692 1964 Wlansvc - ok
20:37:08.0755 1964 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:37:08.0786 1964 WmiAcpi - ok
20:37:08.0911 1964 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:37:08.0926 1964 wmiApSrv - ok
20:37:09.0176 1964 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:37:09.0285 1964 WMPNetworkSvc - ok
20:37:09.0332 1964 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:37:09.0363 1964 WPCSvc - ok
20:37:09.0457 1964 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:37:09.0566 1964 WPDBusEnum - ok
20:37:09.0737 1964 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:37:09.0769 1964 WPFFontCache_v0400 - ok
20:37:09.0815 1964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:37:09.0847 1964 ws2ifsl - ok
20:37:09.0925 1964 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:37:09.0956 1964 wscsvc - ok
20:37:09.0956 1964 WSearch - ok
20:37:10.0018 1964 wtsmpadap (1ba27d126e8ab117e03bbc44d05067bb) C:\Windows\system32\DRIVERS\wtsmpadap.sys
20:37:10.0018 1964 wtsmpadap - ok
20:37:10.0096 1964 WtSmpFlt (59848ceba889ff01cd7d988b430e9a5b) C:\Windows\system32\DRIVERS\wtsmpflt.sys
20:37:10.0112 1964 WtSmpFlt - ok
20:37:10.0237 1964 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:37:10.0471 1964 wuauserv - ok
20:37:10.0658 1964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:37:10.0705 1964 WUDFRd - ok
20:37:10.0767 1964 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:37:10.0798 1964 wudfsvc - ok
20:37:10.0845 1964 MBR (0x1B8) (5586eabcc0d095db340d873e2b236896) \Device\Harddisk0\DR0
20:37:11.0578 1964 \Device\Harddisk0\DR0 - ok
20:37:11.0578 1964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:37:11.0953 1964 \Device\Harddisk1\DR1 - ok
20:37:11.0953 1964 Boot (0x1200) (fe052331fcec9da7aa0305739ebcf246) \Device\Harddisk0\DR0\Partition0
20:37:11.0953 1964 \Device\Harddisk0\DR0\Partition0 - ok
20:37:11.0953 1964 Boot (0x1200) (ba38ef661b67c391b26b720ecc36e227) \Device\Harddisk1\DR1\Partition0
20:37:11.0953 1964 \Device\Harddisk1\DR1\Partition0 - ok
20:37:11.0953 1964 ============================================================
20:37:11.0953 1964 Scan finished
20:37:11.0953 1964 ============================================================
20:37:11.0968 1824 Detected object count: 12
20:37:11.0968 1824 Actual detected object count: 12
20:39:16.0472 1824 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 HYNSUCEEZUWMO ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 HYNSUCEEZUWMO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 NQEBZW ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 NQEBZW ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 nvtark ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 nvtark ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 rkhdrv40 ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 rkhdrv40 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0472 1824 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0472 1824 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0487 1824 SDTHelper ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0487 1824 SDTHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0487 1824 utewntax ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0487 1824 utewntax ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:16.0487 1824 VUDTMCFSR ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:16.0487 1824 VUDTMCFSR ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:39:19.0405 1472 Deinitialize success
Here's the aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-21 22:15:49
-----------------------------
22:15:49.013 OS Version: Windows 6.0.6002 Service Pack 2
22:15:49.013 Number of processors: 2 586 0x170A
22:15:49.014 ComputerName: FX-PC UserName: acer
22:15:50.146 Initialize success
22:15:59.878 AVAST engine defs: 12062100
22:17:01.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:17:01.681 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
22:17:01.684 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:17:01.687 Disk 1 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
22:17:01.726 Disk 0 MBR read successfully
22:17:01.729 Disk 0 MBR scan
22:17:01.734 Disk 0 unknown MBR code
22:17:01.739 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
22:17:01.777 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 459744 MB offset 28674048
22:17:01.809 Disk 0 Partition 3 00 12 Compaq diag NTFS 3194 MB offset 970229760
22:17:01.824 Disk 0 scanning sectors +976771072
22:17:01.898 Disk 0 scanning C:\Windows\system32\drivers
22:17:11.601 Service scanning
22:17:42.091 Modules scanning
22:17:46.131 Disk 0 trace - called modules:
22:17:46.132
22:17:47.870 AVAST engine scan C:\Windows
22:17:51.762 AVAST engine scan C:\Windows\system32
22:20:46.444 AVAST engine scan C:\Windows\system32\drivers
22:21:06.569 AVAST engine scan C:\Users\acer
22:30:46.092 AVAST engine scan C:\ProgramData
22:31:48.856 Scan finished successfully
22:36:43.660 Disk 0 MBR has been saved successfully to "C:\Users\acer\Desktop\MBR.dat"
22:36:43.665 The log file has been saved successfully to "C:\Users\acer\Desktop\asw.txt"

I can't get DDS to run

#4 fzx


Posted 21 June 2012 - 03:48 PM

Here's the MBR

Attached Files

  • Attached File  MBR.zip   555bytes   3 downloads


#5 fzx


Posted 21 June 2012 - 03:54 PM

When DeFogger didn't work, I searched for DeFogger on the C drive and found this document called history in the mgtools folder. It talks about Vundo and Bagle. Anyway, I think it's associated with the virus.


#6 fzx


Posted 21 June 2012 - 03:57 PM

Here's a list of the contents of mgtools


#7 fzx


Posted 21 June 2012 - 04:10 PM

Here's a complete list of the contents of mgtools


#8 nasdaq


Posted 22 June 2012 - 09:08 AM

If at all possible please run this tool in Normal mode.

If not possible do it in Safe Mode with internet connection.
Please let me know what mode you used.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

#9 fzx


Posted 22 June 2012 - 10:35 AM

Here's the Malwarebytes log, done in Safe Mode; I could not get it to update in Normal mode.

www.malwarebytes.org

Database version: v2012.06.22.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
acer :: FX-PC [administrator]

22.06.2012 17:23:27
mbam-log-2012-06-22 (17-23-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208337
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

#10 nasdaq


Posted 22 June 2012 - 12:50 PM

So normal mode is not available.

Please run the SFC.exe tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#11 nasdaq


Posted 28 June 2012 - 08:26 AM

Are you still with me?

#12 fzx


Posted 02 July 2012 - 10:54 PM

Resource Protection found damaged files but could not repair them

#13 nasdaq


Posted 03 July 2012 - 07:53 AM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#14 fzx


Posted 03 July 2012 - 06:50 PM

OTL logfile created on: 04.07.2012 01:38:20 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\fzx\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,62% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 448,97 Gb Total Space | 379,92 Gb Free Space | 84,62% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 297,09 Gb Free Space | 63,79% Space Free | Partition Type: NTFS

Computer Name: FZX-PC | User Name: fzx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\fzx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programfiler\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programfiler\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programfiler\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (0210701340978343mcinstcleanup) McAfee Application Installer Cleanup (0210701340978343) -- C:\Windows\TEMP\021070~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (CLHNService) -- C:\Programfiler\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (McODS) -- C:\Programfiler\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programfiler\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programfiler\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programfiler\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programfiler\McAfee\MSK\msksrver.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programfiler\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (MpfService) -- C:\Programfiler\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programfiler\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programfiler\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programfiler\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programfiler\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programfiler\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FPSensor) EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0612&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0612&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0612&m=aspire_7738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0612&m=aspire_7738
IE - HKCU\..\SearchScopes,DefaultScope = {ABFB69E5-8A3C-4147-8CAC-EBD5AF603515}
IE - HKCU\..\SearchScopes\{ABFB69E5-8A3C-4147-8CAC-EBD5AF603515}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2012.07.04 11:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 01:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.06.29 23:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fzx\AppData\Roaming\mozilla\Extensions
[2012.06.30 10:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions
[2012.06.30 10:12:25 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012.06.30 10:12:32 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2012.06.30 10:12:34 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2012.06.30 10:15:25 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2012.06.30 10:15:29 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012.06.30 10:15:38 | 000,000,000 | ---D | M] ("Malware Search") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2012.06.30 10:15:41 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2012.06.30 10:15:46 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2012.06.30 10:20:17 | 000,000,000 | ---D | M] (InfoLister) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{3f0da09b-c1ab-40c5-8d7f-53f475ac3fe8}
[2012.06.30 10:20:22 | 000,000,000 | ---D | M] (FEBE Mod) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA4}
[2012.06.30 10:20:34 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2012.06.30 10:20:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.06.30 10:21:20 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.06.30 10:22:05 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.06.30 10:22:07 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2012.06.30 10:22:12 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2012.06.30 10:25:11 | 000,000,000 | ---D | M] (CookieSafe (FF 4 compatible)) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}
[2012.06.30 10:25:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.30 10:26:02 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2012.06.30 10:26:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.06.30 10:27:36 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012.06.30 10:29:35 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2012.06.30 10:30:40 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2012.06.30 10:32:49 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012.06.30 10:36:19 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2012.06.30 10:37:01 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012.06.30 09:55:49 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\adblockpopups@jessehakanen.net
[2012.06.30 09:55:56 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\autopager@mozilla.org
[2012.06.30 09:56:00 | 000,000,000 | ---D | M] (BrowserMasquerade) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\BrowserMasquerade@mozilla.org
[2012.06.30 09:56:15 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\browserprotect@browserprotect.com
[2012.06.30 09:56:19 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\cache@status.org
[2012.06.29 23:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\cam@sdrocking.com
[2012.06.30 09:56:54 | 000,000,000 | ---D | M] (Check4Change) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\check4change-owner@mozdev.org
[2012.06.29 23:21:39 | 000,000,000 | ---D | M] ("checkCompatibility") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\check-compatibility@dactyl.googlecode.com
[2012.06.30 09:57:00 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\CLEO@guid.customsoftwareconsult.com
[2012.06.30 09:58:36 | 000,000,000 | ---D | M] (Add-on Compatibility Reporter) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\compatibility@addons.mozilla.org
[2012.06.30 09:58:39 | 000,000,000 | ---D | M] (Context Menu History) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\contextmenuhistory@garyking
[2012.06.30 09:58:52 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\custombuttons@xsms.org
[2012.06.30 10:00:04 | 000,000,000 | ---D | M] (Drag & DropZones) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\dendzones@captaincaveman.nl
[2012.06.30 10:00:07 | 000,000,000 | ---D | M] (DragNDrop Toolbars) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\dndtb@c-est-simple.com
[2012.06.30 10:00:12 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.06.30 10:00:18 | 000,000,000 | ---D | M] (Extension Manager Extended) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\Extended@spanglerco.com
[2012.06.30 10:01:40 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\firefox@ghostery.com
[2012.06.30 10:01:59 | 000,000,000 | ---D | M] (Force-TLS) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\forcetls@sid.stamm
[2012.06.30 10:04:19 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\formhistory@yahoo.com
[2012.06.30 10:04:22 | 000,000,000 | ---D | M] (Full Session History) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\fullsessionhistory@simon.sasburg
[2012.06.30 10:04:27 | 000,000,000 | ---D | M] ("Google Image Help") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\googleimagehelp@shivam.org
[2012.06.30 10:04:31 | 000,000,000 | ---D | M] (gui:config) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\guiconfig@slosd.net
[2012.06.30 10:04:39 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\inspector@mozilla.org
[2012.06.30 10:04:53 | 000,000,000 | ---D | M] ("It's All Text!") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\itsalltext@docwhat.gerf.org
[2012.06.30 10:05:09 | 000,000,000 | ---D | M] (Beef Taco (Targeted Advertising Cookie Opt-Out)) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\john@velvetcache.org
[2012.06.30 10:05:14 | 000,000,000 | ---D | M] (Norsk bokmål ordliste) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2012.06.30 10:05:26 | 000,000,000 | ---D | M] (Open in IE) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\openinie@wittersworld.com
[2012.06.30 10:05:36 | 000,000,000 | ---D | M] (Personas) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\personas@christopher.beard
[2012.06.30 10:05:49 | 000,000,000 | ---D | M] (Restart Button) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\restartbutton@strk.jp
[2012.06.30 10:05:52 | 000,000,000 | ---D | M] (selectivecookiedelete) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\selectivecookiedelete@siju.mathew
[2012.06.30 10:07:59 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\smarterwiki@wikiatic.com
[2012.06.30 10:08:37 | 000,000,000 | ---D | M] (Smiley Xtra) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\smxtra5@smileyxtra.co.uk
[2012.06.30 10:09:39 | 000,000,000 | ---D | M] (TrashMail.net) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\spam@trashmail.net
[2012.06.30 10:11:33 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\Stylish-Custom@choggi.dyndns.org
[2012.06.30 10:11:36 | 000,000,000 | ---D | M] ("Sun Cult") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\suncult@sf.net
[2012.06.30 10:11:55 | 000,000,000 | ---D | M] (Spam Ratings) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\toolbar@spamratings.com
[2012.06.30 10:12:18 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\trackmenot@mrl.nyu.edu
[2012.06.30 10:12:20 | 000,000,000 | ---D | M] (Universal Behavioral Advertising Opt-out) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\heaghovs.default\extensions\universal@dubfire.net
[2012.07.03 08:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] ("Malware Search") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2012.07.03 08:18:49 | 000,000,000 | ---D | M] (InfoLister) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{3f0da09b-c1ab-40c5-8d7f-53f475ac3fe8}
[2012.07.03 08:18:50 | 000,000,000 | ---D | M] (FEBE Mod) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA4}
[2012.07.03 08:18:50 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2012.07.03 08:18:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.07.03 08:18:50 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.07.03 08:18:51 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.07.03 08:18:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2012.07.03 08:18:51 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2012.07.03 08:18:52 | 000,000,000 | ---D | M] (CookieSafe (FF 4 compatible)) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}
[2012.07.03 08:18:52 | 000,000,000 | ---D | M] (WOT) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.03 08:18:52 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2012.07.03 08:18:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.07.03 08:18:53 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012.07.03 08:18:53 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2012.07.03 08:18:53 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2012.07.03 08:18:54 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012.07.03 08:18:55 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2012.07.03 08:18:55 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012.07.03 08:18:44 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\adblockpopups@jessehakanen.net
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\autopager@mozilla.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (BrowserMasquerade) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\BrowserMasquerade@mozilla.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\browserprotect@browserprotect.com
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\cache@status.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\cam@sdrocking.com
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Check4Change) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\check4change-owner@mozdev.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] ("checkCompatibility") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\check-compatibility@dactyl.googlecode.com
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\CLEO@guid.customsoftwareconsult.com
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Add-on Compatibility Reporter) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\compatibility@addons.mozilla.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Context Menu History) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\contextmenuhistory@garyking
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\custombuttons@xsms.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Drag & DropZones) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\dendzones@captaincaveman.nl
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (DragNDrop Toolbars) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\dndtb@c-est-simple.com
[2012.07.03 08:19:52 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.07.03 08:18:45 | 000,000,000 | ---D | M] (Extension Manager Extended) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\Extended@spanglerco.com
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\firefox@ghostery.com
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (Force-TLS) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\forcetls@sid.stamm
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\formhistory@yahoo.com
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (Full Session History) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\fullsessionhistory@simon.sasburg
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] ("Google Image Help") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\googleimagehelp@shivam.org
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (gui:config) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\guiconfig@slosd.net
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\inspector@mozilla.org
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] ("It's All Text!") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\itsalltext@docwhat.gerf.org
[2012.07.03 08:18:46 | 000,000,000 | ---D | M] (Beef Taco (Targeted Advertising Cookie Opt-Out)) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\john@velvetcache.org
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Norsk bokmål ordliste) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Open in IE) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\openinie@wittersworld.com
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Personas) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\personas@christopher.beard
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Restart Button) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\restartbutton@strk.jp
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (selectivecookiedelete) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\selectivecookiedelete@siju.mathew
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\smarterwiki@wikiatic.com
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Smiley Xtra) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\smxtra5@smileyxtra.co.uk
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (TrashMail.net) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\spam@trashmail.net
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\Stylish-Custom@choggi.dyndns.org
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] ("Sun Cult") -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\suncult@sf.net
[2012.07.03 08:18:47 | 000,000,000 | ---D | M] (Spam Ratings) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\toolbar@spamratings.com
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\trackmenot@mrl.nyu.edu
[2012.07.03 08:18:48 | 000,000,000 | ---D | M] (Universal Behavioral Advertising Opt-out) -- C:\Users\fzx\AppData\Roaming\mozilla\Firefox\Profiles\ndcwzxb4.default\extensions\universal@dubfire.net
[2012.07.04 01:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2012.06.15 00:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Programfiler\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programfiler\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programfiler\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programfiler\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programfiler\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programfiler\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programfiler\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Unattend0000000001{A8125975-BD0D-4F01-8D64-0910B5C74BEE}] C:\Windows\System32\OEM\ConfigAp.cmd ()
O4 - Startup: C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list ()
O9 - Extra Button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21AB569F-B6D4-4530-8A80-1CFE3152A085}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programfiler\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programfiler\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programfiler\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.07.04 01:33:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\fzx\Desktop\OTL.exe
[2012.07.03 11:58:40 | 000,000,000 | ---D | C] -- C:\sardu
[2012.07.03 11:57:55 | 000,000,000 | ---D | C] -- C:\IDM
[2012.07.03 08:16:31 | 000,000,000 | ---D | C] -- C:\Users\fzx\Documents\iMacros
[2012.07.03 04:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.07.03 04:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.07.03 00:57:02 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\ElevatedDiagnostics
[2012.07.03 00:49:29 | 000,000,000 | ---D | C] -- C:\fi
[2012.07.02 23:40:07 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Apple Computer
[2012.07.02 23:33:21 | 000,000,000 | ---D | C] -- C:\sfzone_profile
[2012.07.02 23:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.07.02 22:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012.07.02 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\fzx\Documents\sardu
[2012.07.02 20:36:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.02 19:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.07.02 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.02 19:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.02 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.07.02 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\vlc
[2012.07.02 15:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.07.02 13:13:50 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Apple
[2012.07.02 13:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.07.02 13:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.01 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Macromedia
[2012.07.01 03:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012.07.01 01:33:08 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\.oit
[2012.07.01 00:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\BeyondTrust
[2012.06.30 23:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.30 23:44:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
[2012.06.30 23:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\UVK
[2012.06.30 15:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.30 14:26:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.30 13:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\UVK
[2012.06.30 11:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Group Policy
[2012.06.30 10:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BeyondTrust
[2012.06.30 10:47:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.06.30 10:46:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\BeyondTrust
[2012.06.30 10:46:37 | 000,000,000 | ---D | C] -- C:\Windows\BeyondTrust
[2012.06.30 10:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PuppetLabs
[2012.06.30 10:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Puppet Labs
[2012.06.30 10:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puppet
[2012.06.30 05:56:33 | 000,000,000 | ---D | C] -- C:\Users\fzx\Documents\Security
[2012.06.30 04:14:41 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Process Hacker 2
[2012.06.30 04:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012.06.30 04:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2012.06.30 02:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2012.06.30 01:57:40 | 000,000,000 | ---D | C] -- C:\revision
[2012.06.30 01:45:48 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012.06.30 00:38:52 | 000,380,928 | ---- | C] (Acer Incorporated) -- C:\Windows\AcerStore.exe
[2012.06.30 00:35:31 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.30 00:35:31 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.06.30 00:35:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.30 00:35:30 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.30 00:35:29 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.30 00:35:29 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.30 00:35:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2012.06.30 00:35:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.30 00:35:27 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.30 00:34:21 | 002,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.30 00:33:57 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.06.30 00:33:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.06.30 00:33:57 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.06.30 00:33:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012.06.30 00:33:57 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012.06.30 00:31:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2012.06.30 00:31:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2012.06.30 00:30:56 | 003,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.06.30 00:30:55 | 003,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.06.30 00:30:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.06.30 00:30:55 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012.06.30 00:30:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012.06.30 00:30:55 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012.06.30 00:30:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012.06.30 00:30:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.06.30 00:30:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2012.06.30 00:30:31 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012.06.30 00:30:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2012.06.30 00:26:49 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.06.30 00:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
[2012.06.30 00:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\uk-UA
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sl-SI
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sk-SK
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lv-LV
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lt-LT
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hr-HR
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\et-EE
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\bg-BG
[2012.06.30 00:24:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2012.06.30 00:24:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012.06.30 00:24:14 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2012.06.30 00:24:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\bthport.sys.mui
[2012.06.30 00:24:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sl-SI\bthport.sys.mui
[2012.06.30 00:24:11 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\bthport.sys.mui
[2012.06.30 00:24:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\bthport.sys.mui
[2012.06.30 00:24:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
[2012.06.30 00:24:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthport.sys.mui
[2012.06.30 00:24:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\bthport.sys.mui
[2012.06.30 00:24:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hr-HR\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lt-LT\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\et-EE\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\bthport.sys.mui
[2012.06.30 00:24:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\bthport.sys.mui
[2012.06.30 00:24:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bg-BG\bthport.sys.mui
[2012.06.30 00:24:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthport.sys.mui
[2012.06.30 00:24:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\bthport.sys.mui
[2012.06.30 00:24:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthport.sys.mui
[2012.06.30 00:24:07 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2012.06.30 00:24:07 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2012.06.30 00:24:07 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012.06.30 00:24:07 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2012.06.30 00:24:07 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2012.06.30 00:24:07 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2012.06.30 00:24:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2012.06.30 00:24:07 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2012.06.30 00:24:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2012.06.30 00:24:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2012.06.30 00:24:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2012.06.30 00:24:07 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2012.06.30 00:24:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2012.06.30 00:24:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2012.06.30 00:24:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2012.06.30 00:22:55 | 003,666,432 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys
[2012.06.30 00:22:55 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw5r32.dll
[2012.06.30 00:22:55 | 000,663,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw5c32.dll
[2012.06.30 00:22:40 | 000,026,928 | ---- | C] (Egis) -- C:\Windows\System32\drivers\FPSensor.sys
[2012.06.30 00:22:23 | 001,202,560 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2012.06.30 00:22:23 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2012.06.30 00:22:23 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2012.06.30 00:22:23 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2012.06.30 00:21:59 | 013,605,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012.06.30 00:21:59 | 009,019,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.06.30 00:21:59 | 007,545,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.06.30 00:21:59 | 005,976,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012.06.30 00:21:59 | 005,806,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispsr.dll
[2012.06.30 00:21:59 | 004,155,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvsr.dll
[2012.06.30 00:21:59 | 004,000,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll
[2012.06.30 00:21:59 | 003,770,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll
[2012.06.30 00:21:59 | 003,463,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgamesr.dll
[2012.06.30 00:21:59 | 003,451,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll
[2012.06.30 00:21:59 | 002,988,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwssr.dll
[2012.06.30 00:21:59 | 002,861,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmoblsr.dll
[2012.06.30 00:21:59 | 002,697,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll
[2012.06.30 00:21:59 | 002,503,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012.06.30 00:21:59 | 001,470,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.06.30 00:21:59 | 001,255,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll
[2012.06.30 00:21:59 | 000,929,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.06.30 00:21:59 | 000,735,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012.06.30 00:21:59 | 000,520,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012.06.30 00:21:59 | 000,465,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccssr.dll
[2012.06.30 00:21:59 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuhda.exe
[2012.06.30 00:21:59 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2012.06.30 00:21:59 | 000,236,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccs.dll
[2012.06.30 00:21:59 | 000,221,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\oemdspif.dll
[2012.06.30 00:21:59 | 000,195,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll
[2012.06.30 00:21:59 | 000,143,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcolor.exe
[2012.06.30 00:21:59 | 000,135,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcohda.dll
[2012.06.30 00:21:59 | 000,135,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod140.dll
[2012.06.30 00:21:59 | 000,135,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2012.06.30 00:21:59 | 000,096,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll
[2012.06.30 00:21:59 | 000,092,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012.06.30 00:21:59 | 000,057,344 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2012.06.30 00:21:59 | 000,052,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2012.06.30 00:21:59 | 000,045,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccsrs.dll
[2012.06.30 00:21:59 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll
[2012.06.30 00:21:58 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2012.06.30 00:21:45 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2012.06.30 00:21:45 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2012.06.29 23:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2012.06.29 23:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\HxD
[2012.06.29 22:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 6.0
[2012.06.29 22:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 6.0
[2012.06.29 22:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.06.29 22:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\PTDD Group
[2012.06.29 22:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTDD Partition Table Doctor 3.5 Demo
[2012.06.29 21:49:30 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\HD Tune Pro
[2012.06.29 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2012.06.29 20:36:15 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012.06.29 19:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012.06.29 18:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\File Recovery
[2012.06.29 18:43:38 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Htc
[2012.06.29 18:42:59 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\HTC
[2012.06.29 18:42:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2012.06.29 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Downloaded Installations
[2012.06.29 18:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2012.06.29 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.06.29 18:25:21 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Adobe
[2012.06.29 18:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.06.29 18:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\BinaryBiz
[2012.06.29 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\TuneUp Software
[2012.06.29 17:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2012.06.29 17:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.29 17:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.06.29 17:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012.06.29 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Mozilla
[2012.06.29 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Mozilla
[2012.06.29 17:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.06.29 17:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.06.29 17:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.06.29 17:27:10 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\R-TT
[2012.06.29 17:27:08 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Undelete
[2012.06.29 17:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\R-Undelete
[2012.06.29 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
[2012.06.29 17:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio
[2012.06.29 17:10:57 | 000,000,000 | ---D | C] -- C:\Users\fzx\Documents\R-TT
[2012.06.29 17:10:57 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio Agent Emergency
[2012.06.29 17:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio Agent Emergency
[2012.06.29 16:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.06.29 16:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.06.29 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\JAM Software
[2012.06.29 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2012.06.29 16:49:58 | 000,000,000 | ---D | C] -- C:\Users\fzx\IOption
[2012.06.29 16:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BackupManager
[2012.06.29 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\IDM
[2012.06.29 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\DMCache
[2012.06.29 16:30:50 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012.06.29 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012.06.29 16:25:48 | 000,000,000 | ---D | C] -- C:\Users\fzx\Option
[2012.06.29 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Bio Protection
[2012.06.29 16:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nuvoton Technology Corporation
[2012.06.29 16:09:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.06.29 16:09:17 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.06.29 16:08:59 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2012.06.29 16:08:57 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.06.29 16:08:56 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.06.29 16:08:56 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.06.29 16:08:56 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.06.29 16:08:56 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.06.29 16:08:55 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.06.29 16:08:55 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2012.06.29 16:08:54 | 002,523,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012.06.29 16:08:54 | 001,003,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.06.29 16:08:54 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.06.29 16:08:54 | 000,045,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.06.29 16:08:51 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.06.29 16:08:50 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.06.29 16:08:50 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.06.29 16:08:48 | 000,159,232 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2012.06.29 16:08:48 | 000,141,312 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.06.29 16:08:48 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.06.29 16:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.06.29 16:08:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.06.29 16:08:46 | 000,528,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.06.29 16:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.06.29 16:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.06.29 16:08:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.06.29 16:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.06.29 16:08:20 | 000,000,000 | ---D | C] -- C:\CLSetup
[2012.06.29 16:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\AmIcoSingLun
[2012.06.29 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\fzx\Documents\Mine Google Gadgets
[2012.06.29 16:00:32 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Google
[2012.06.29 16:00:27 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2012.06.29 16:00:26 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\PowerCinema
[2012.06.29 16:00:19 | 000,000,000 | R--D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.29 16:00:19 | 000,000,000 | R--D | C] -- C:\Users\fzx\Searches
[2012.06.29 16:00:19 | 000,000,000 | R--D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.29 16:00:12 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Identities
[2012.06.29 16:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Convesoft
[2012.06.29 16:00:10 | 000,000,000 | R--D | C] -- C:\Users\fzx\Contacts
[2012.06.29 16:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012.06.29 15:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.29 15:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.29 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\VirtualStore
[2012.06.29 15:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.06.29 15:58:24 | 000,000,000 | --SD | C] -- C:\Users\fzx\AppData\Roaming\Microsoft
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Videos
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Saved Games
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Pictures
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Music
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Links
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Favorites
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Downloads
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Documents
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\Desktop
[2012.06.29 15:58:24 | 000,000,000 | R--D | C] -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\AppData\Local\Temporary Internet Files
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Start-meny
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Skrivere
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\SendTo
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Recent
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Programdata
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\AppData\Local\Programdata
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Mine dokumenter
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Documents\Mine bilder
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Documents\Min musikk
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Maler
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Lokale innstillinger
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\AppData\Local\Logg
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Documents\Intern video
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\Cookies
[2012.06.29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Users\fzx\AndrMask
[2012.06.29 15:58:24 | 000,000,000 | -H-D | C] -- C:\Users\fzx\AppData
[2012.06.29 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Temp
[2012.06.29 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Microsoft
[2012.06.29 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Media Center Programs
[2012.06.29 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Acer GameZone Console
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start-meny
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Skrivebord
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\Programfiler
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Programdata
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mine bilder
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Min musikk
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Maler
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Intern video
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\Program Files\Fellesfiler
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritter
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenter
[2012.06.29 15:54:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012.06.29 15:49:29 | 001,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2012.06.29 15:49:29 | 000,797,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2012.06.29 15:49:29 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2012.06.29 15:48:58 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2012.06.29 15:45:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.29 15:44:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.06.29 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\EgisTec
[2012.06.29 15:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2012.06.29 15:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2012.06.29 15:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\eSobi
[2012.06.29 15:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\eSobi
[2012.06.29 15:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec Egis Software Update
[2012.06.29 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec
[2012.06.29 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Local\Acer ePower Management V4
[2012.06.29 15:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\File Undelete
[2012.06.29 15:13:27 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Macromedia
[2012.06.29 15:13:10 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Acer
[2012.06.29 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2012.06.29 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2012.06.29 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2012.06.29 15:11:13 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Adobe
[2012.06.29 15:11:04 | 000,000,000 | ---D | C] -- C:\Users\fzx\AppData\Roaming\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.04 01:37:13 | 000,008,268 | ---- | M] () -- C:\Users\fzx\AppData\Local\d3d9caps.dat
[2012.07.04 01:33:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\fzx\Desktop\OTL.exe
[2012.07.04 01:31:33 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.04 01:30:07 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 01:30:07 | 000,451,340 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2012.07.04 01:30:07 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 01:30:07 | 000,075,894 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2012.07.04 01:29:22 | 000,003,343 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.07.04 01:25:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 05:45:52 | 000,000,061 | ---- | M] () -- C:\Users\fzx\Desktop\UVKcf6.uvk
[2012.07.03 05:15:12 | 000,000,038 | ---- | M] () -- C:\Users\fzx\Desktop\UVKcf5.uvk
[2012.07.03 00:07:01 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.01 01:11:50 | 000,000,127 | ---- | M] () -- C:\Users\fzx\Desktop\UVKcf4.uvk
[2012.06.30 20:52:07 | 003,407,872 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012.06.30 20:52:02 | 003,407,872 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2012.06.30 20:22:35 | 000,000,065 | ---- | M] () -- C:\Users\fzx\Desktop\UVKcf3.uvk
[2012.06.30 19:28:47 | 000,000,130 | ---- | M] () -- C:\Users\fzx\Desktop\UVKcf2.uvk
[2012.06.30 16:52:08 | 000,005,761 | ---- | M] () -- C:\Users\fzx\Desktop\MD5Report.htm
[2012.06.30 16:47:50 | 000,000,051 | ---- | M] () -- C:\Users\fzx\Desktop\UVKcf.uvk
[2012.06.30 10:46:58 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.06.30 09:52:51 | 000,003,924 | ---- | M] () -- C:\Users\fzx\AppData\Roaming\BackupManager.list
[2012.06.30 09:52:47 | 000,000,450 | ---- | M] () -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list
[2012.06.30 09:47:43 | 000,003,924 | ---- | M] () -- C:\Users\fzx\AppData\Local\BackupManager.list
[2012.06.30 09:14:53 | 000,004,568 | -H-- | M] () -- C:\ProgramData\BackupManager.list
[2012.06.30 07:07:18 | 000,000,155 | ---- | M] () -- C:\Users\fzx\Documents\fz.xml
[2012.06.30 06:27:14 | 000,000,414 | ---- | M] () -- C:\Users\fzx\Documents\fx.xml
[2012.06.30 00:52:00 | 000,000,870 | -H-- | M] () -- C:\Users\Public\Documents\BackupManager.list
[2012.06.30 00:48:22 | 000,000,994 | ---- | M] () -- C:\Users\fzx\Documents\BackupManager.list
[2012.06.30 00:48:08 | 000,001,168 | ---- | M] () -- C:\Users\fzx\Desktop\BackupManager.list
[2012.06.30 00:38:53 | 000,002,541 | ---- | M] () -- C:\Windows\USER.XML
[2012.06.30 00:38:53 | 000,000,174 | RHS- | M] () -- C:\Preload.rev
[2012.06.30 00:35:31 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.30 00:35:31 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.06.30 00:35:31 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.30 00:35:30 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.30 00:35:29 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.30 00:35:29 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.30 00:35:29 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2012.06.30 00:35:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.30 00:35:27 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.30 00:34:21 | 002,033,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.30 00:33:57 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.06.30 00:33:57 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.06.30 00:33:57 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012.06.30 00:33:57 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012.06.30 00:31:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2012.06.30 00:31:16 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2012.06.30 00:30:56 | 003,599,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.06.30 00:30:55 | 003,547,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.06.30 00:30:55 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.06.30 00:30:55 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012.06.30 00:30:55 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012.06.30 00:30:55 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012.06.30 00:30:55 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012.06.30 00:30:55 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.06.30 00:30:55 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2012.06.30 00:30:31 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012.06.30 00:30:31 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2012.06.30 00:26:49 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.06.30 00:24:12 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\bthport.sys.mui
[2012.06.30 00:24:12 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
[2012.06.30 00:24:11 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sl-SI\bthport.sys.mui
[2012.06.30 00:24:11 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\bthport.sys.mui
[2012.06.30 00:24:10 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\bthport.sys.mui
[2012.06.30 00:24:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\bthport.sys.mui
[2012.06.30 00:24:10 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
[2012.06.30 00:24:09 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthport.sys.mui
[2012.06.30 00:24:09 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\bthport.sys.mui
[2012.06.30 00:24:09 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hr-HR\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lt-LT\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\et-EE\bthport.sys.mui
[2012.06.30 00:24:09 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\bthport.sys.mui
[2012.06.30 00:24:09 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\bthport.sys.mui
[2012.06.30 00:24:08 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\bthport.sys.mui
[2012.06.30 00:24:08 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bg-BG\bthport.sys.mui
[2012.06.30 00:24:08 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthport.sys.mui
[2012.06.30 00:24:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\bthport.sys.mui
[2012.06.30 00:24:08 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthport.sys.mui
[2012.06.30 00:24:07 | 002,134,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2012.06.30 00:24:07 | 000,968,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2012.06.30 00:24:07 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012.06.30 00:24:07 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2012.06.30 00:24:07 | 000,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2012.06.30 00:24:07 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2012.06.30 00:24:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2012.06.30 00:24:07 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2012.06.30 00:24:07 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2012.06.30 00:24:07 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2012.06.30 00:24:07 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2012.06.30 00:24:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012.06.30 00:24:07 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2012.06.30 00:24:07 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2012.06.30 00:24:07 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2012.06.30 00:24:07 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2012.06.30 00:24:07 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2012.06.30 00:24:07 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bthport.sys.mui
[2012.06.29 21:49:37 | 000,002,456 | ---- | M] () -- C:\Users\fzx\BackupManager.list
[2012.06.29 19:35:43 | 000,000,000 | ---- | M] () -- C:\Users\fzx\Documents\settings.dat
[2012.06.29 16:10:04 | 000,008,710 | ---- | M] () -- C:\Windows\Factory.xml
[2012.06.29 16:10:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_nuvotonhidgeneric_01007.Wdf
[2012.06.29 16:09:00 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2012.06.29 16:08:20 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2012.06.29 16:00:13 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Orion.lnk
[2012.06.29 15:54:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 15:54:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 15:54:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.06.29 15:52:52 | 000,060,553 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.06.29 15:43:26 | 000,296,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.04 01:31:33 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.04 01:31:33 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.03 05:45:52 | 000,000,061 | ---- | C] () -- C:\Users\fzx\Desktop\UVKcf6.uvk
[2012.07.03 05:15:12 | 000,000,038 | ---- | C] () -- C:\Users\fzx\Desktop\UVKcf5.uvk
[2012.07.01 01:11:50 | 000,000,127 | ---- | C] () -- C:\Users\fzx\Desktop\UVKcf4.uvk
[2012.06.30 20:52:02 | 003,407,872 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012.06.30 20:51:40 | 003,407,872 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2012.06.30 20:22:35 | 000,000,065 | ---- | C] () -- C:\Users\fzx\Desktop\UVKcf3.uvk
[2012.06.30 19:28:47 | 000,000,130 | ---- | C] () -- C:\Users\fzx\Desktop\UVKcf2.uvk
[2012.06.30 16:52:08 | 000,005,761 | ---- | C] () -- C:\Users\fzx\Desktop\MD5Report.htm
[2012.06.30 16:47:50 | 000,000,051 | ---- | C] () -- C:\Users\fzx\Desktop\UVKcf.uvk
[2012.06.30 09:52:51 | 000,003,924 | ---- | C] () -- C:\Users\fzx\AppData\Roaming\BackupManager.list
[2012.06.30 09:52:31 | 000,006,150 | ---- | C] () -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BackupManager.list
[2012.06.30 09:47:41 | 000,003,924 | ---- | C] () -- C:\Users\fzx\AppData\Local\BackupManager.list
[2012.06.30 09:14:51 | 000,004,568 | -H-- | C] () -- C:\ProgramData\BackupManager.list
[2012.06.30 07:07:18 | 000,000,155 | ---- | C] () -- C:\Users\fzx\Documents\fz.xml
[2012.06.30 06:25:40 | 000,000,414 | ---- | C] () -- C:\Users\fzx\Documents\fx.xml
[2012.06.30 00:52:00 | 000,000,870 | -H-- | C] () -- C:\Users\Public\Documents\BackupManager.list
[2012.06.30 00:48:22 | 000,000,994 | ---- | C] () -- C:\Users\fzx\Documents\BackupManager.list
[2012.06.30 00:48:08 | 000,001,168 | ---- | C] () -- C:\Users\fzx\Desktop\BackupManager.list
[2012.06.30 00:38:54 | 000,004,520 | -HS- | C] () -- C:\Patch.rev
[2012.06.30 00:38:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012.06.30 00:21:59 | 000,201,766 | ---- | C] () -- C:\Windows\System32\nvapps.xml
[2012.06.30 00:21:59 | 000,039,583 | ---- | C] () -- C:\Windows\System32\nvwsapps.xml
[2012.06.30 00:21:59 | 000,009,277 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2012.06.30 00:21:59 | 000,001,255 | ---- | C] () -- C:\Windows\System32\nvhda.nvu
[2012.06.30 00:21:45 | 000,002,541 | ---- | C] () -- C:\Windows\USER.XML
[2012.06.30 00:21:45 | 000,000,274 | ---- | C] () -- C:\Windows\LAUNAPP.REG
[2012.06.29 23:15:01 | 000,000,450 | ---- | C] () -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list
[2012.06.29 21:49:37 | 000,002,456 | ---- | C] () -- C:\Users\fzx\BackupManager.list
[2012.06.29 19:35:43 | 000,000,000 | ---- | C] () -- C:\Users\fzx\Documents\settings.dat
[2012.06.29 16:10:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_nuvotonhidgeneric_01007.Wdf
[2012.06.29 16:08:59 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2012.06.29 16:08:59 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.06.29 16:08:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012.06.29 16:08:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012.06.29 16:08:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.06.29 16:08:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.06.29 16:08:20 | 000,000,020 | ---- | C] () -- C:\Medion.ini
[2012.06.29 16:00:20 | 000,000,953 | ---- | C] () -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.29 16:00:19 | 000,000,948 | ---- | C] () -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.06.29 16:00:13 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Orion.lnk
[2012.06.29 16:00:13 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orion.lnk
[2012.06.29 16:00:08 | 000,000,919 | ---- | C] () -- C:\Users\fzx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.06.29 15:54:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.06.29 15:41:18 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.06.29 15:41:18 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.06.29 15:41:15 | 000,008,268 | ---- | C] () -- C:\Users\fzx\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.07.01 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\.oit
[2012.06.30 09:49:21 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\Acer
[2012.06.30 23:47:39 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\Acer GameZone Console
[2012.07.02 23:14:21 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\DMCache
[2012.06.29 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\HD Tune Pro
[2012.06.30 09:49:37 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\HTC
[2012.07.03 02:56:45 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\IDM
[2012.06.30 09:50:59 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\JAM Software
[2012.06.30 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\PowerCinema
[2012.06.30 11:21:50 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\Process Hacker 2
[2012.06.30 00:47:47 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\R-TT
[2012.06.30 00:47:49 | 000,000,000 | ---D | M] -- C:\Users\fzx\AppData\Roaming\TuneUp Software
[2009.03.04 02:04:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009.03.04 02:04:03 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.06.29 15:50:16 | 000,011,476 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012.06.30 00:24:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidclass.sys
[2012.06.30 00:24:07 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidparse.sys
[2012.06.30 00:24:07 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidusb.sys
[2012.06.30 00:27:05 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012.07.02 23:28:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$IOYY4NQ
[2012.07.02 23:28:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$IYNMM74
[2012.06.29 16:00:24 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\desktop.ini
[2012.06.29 19:22:07 | 000,000,020 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\aswResp.dat
[2012.06.29 20:40:05 | 000,005,584 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\db1ccb2c30793fb99-7aa726fb.dat
[2012.06.30 22:46:08 | 000,235,504 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\db1cd55fd3b4db2e9-ccdf8bfe.dat
[2012.06.30 10:38:45 | 000,265,768 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\db1cd560e7730cad7-fc7a5a9e.dat
[2012.06.30 22:46:10 | 000,057,344 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\FileInfo2.db
[2012.06.30 22:46:08 | 000,067,584 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Fw.db
[2012.06.29 17:44:20 | 000,001,505 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\license.avastlic
[2012.06.30 22:46:10 | 000,077,824 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Log.db
[2012.03.07 00:44:48 | 000,015,320 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\snx_gconfig.xml
[2012.06.30 22:41:32 | 000,001,302 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\snx_lconfig.xml
[2012.06.30 22:46:06 | 003,849,216 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\URL.db
[2012.06.30 22:37:16 | 000,000,114 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\chest\index.xml
[2012.06.30 20:25:55 | 000,002,864 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\config.xml
[2012.03.07 00:43:39 | 001,156,240 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\geoip.dat
[2012.03.07 00:43:39 | 000,410,433 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\macaddr.db
[2012.06.30 22:37:13 | 000,001,404 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\NetProfiles.xml
[2012.06.30 22:41:11 | 000,001,436 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\networks.xml
[2012.06.30 22:41:11 | 000,011,906 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\ports.xml
[2012.06.30 22:41:11 | 000,114,488 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\fw\rules.xml
[2012.03.07 00:43:39 | 000,001,981 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\HtmlData\Blocked.htm
[2012.03.07 00:43:39 | 000,012,039 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\HtmlData\image001.png
[2012.06.29 18:59:32 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\aralog.log
[2012.06.30 13:17:20 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\AshWebSv.ws
[2012.06.30 03:39:39 | 000,049,306 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\AshWebSv.ws.ori
[2012.06.30 22:46:10 | 000,008,570 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\aswAr.log
[2012.06.30 20:26:39 | 000,011,282 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\autosandbox.log
[2012.06.30 09:08:34 | 000,004,856 | -H-- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\BackupManager.list
[2012.06.30 22:46:09 | 000,000,392 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\Chest.log
[2012.06.30 22:37:13 | 000,000,560 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\Firewall.log
[2012.06.30 16:22:38 | 000,002,075 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\HtmlRemoteContent.log
[2012.06.30 22:42:28 | 000,099,596 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\Logging.log
[2012.06.30 22:37:16 | 000,012,800 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\Mail.log
[2012.06.29 17:47:56 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\nshield.log
[2012.06.30 22:37:15 | 000,074,094 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\selfdef.log
[2012.06.30 22:38:04 | 001,044,762 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\Setup.log
[2012.06.30 22:38:11 | 000,005,733 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\SpamEngine.log
[2012.06.30 22:42:53 | 001,916,102 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\log\usntr.log
[2012.06.29 21:37:05 | 000,000,002 | -H-- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\moved\BackupManager.list
[2012.06.30 09:08:43 | 000,002,706 | -H-- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\BackupManager.list
[2012.06.30 22:41:23 | 000,005,545 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\BehaviorShield.txt
[2012.06.30 22:37:17 | 000,001,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\EmailShield.txt
[2012.06.30 22:37:17 | 000,001,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\FileSystemShield.txt
[2012.06.30 22:37:17 | 000,001,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\IMShield.txt
[2012.06.30 22:37:17 | 000,001,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\NetworkShield.txt
[2012.06.30 22:37:17 | 000,001,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\P2PShield.txt
[2012.06.30 22:37:17 | 000,001,107 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\ScriptShield.txt
[2012.06.30 22:37:17 | 000,001,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\report\WebShield.txt
[2012.03.07 00:44:13 | 000,024,164 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\sounds\fw_question.wav
[2012.03.07 00:44:13 | 000,024,654 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\sounds\scan_completed.wav
[2012.03.07 00:44:13 | 000,021,178 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\sounds\threat_detected.wav
[2012.03.07 00:44:13 | 000,012,992 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\sounds\virus_db_updated.wav
[2012.06.29 17:47:57 | 000,000,032 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\productid
[2012.06.30 22:37:16 | 000,003,328 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\rkd
[2012.06.30 22:37:17 | 000,703,646 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc1.bin
[2012.06.29 20:42:46 | 000,703,646 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc1.bin.full.2012.06.29.18.03.36
[2012.06.30 02:03:20 | 000,000,800 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc1.bin.incr.2012.06.29.22.55.16
[2012.06.30 05:39:45 | 000,000,216 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc1.bin.incr.2012.06.30.01.17.42
[2012.06.30 20:26:33 | 000,000,616 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc1.bin.incr.2012.06.30.16.07.18
[2012.06.29 18:01:46 | 000,253,344 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.full.2012.06.26.16.01.06
[2012.06.29 18:46:14 | 000,000,104 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.26.17.01.08
[2012.06.29 18:46:14 | 000,000,096 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.26.18.01.07
[2012.06.29 18:46:14 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.26.19.01.06
[2012.06.29 18:46:15 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.26.20.01.11
[2012.06.29 18:46:15 | 000,000,096 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.26.21.01.11
[2012.06.29 18:46:18 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.27.10.01.10
[2012.06.29 18:46:19 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.27.12.01.13
[2012.06.29 18:46:19 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.27.16.02.04
[2012.06.29 18:46:22 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.27.17.01.07
[2012.06.29 18:46:23 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.27.18.01.10
[2012.06.29 18:46:23 | 000,000,104 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.27.19.01.10
[2012.06.29 18:46:23 | 000,000,096 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.05.02.01
[2012.06.29 18:46:24 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.12.01.08
[2012.06.29 18:46:24 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.13.01.11
[2012.06.29 18:46:24 | 000,000,104 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.14.01.06
[2012.06.29 18:46:24 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.15.01.09
[2012.06.29 18:46:25 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.16.01.28
[2012.06.29 18:46:25 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.28.22.01.09
[2012.06.29 18:46:25 | 000,000,096 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.01.01.07
[2012.06.29 18:46:26 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.02.01.06
[2012.06.29 18:46:26 | 000,000,104 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.08.01.11
[2012.06.29 18:46:26 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.13.01.08
[2012.06.29 20:53:10 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.17.01.31
[2012.06.29 20:53:11 | 000,000,104 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.18.01.11
[2012.06.29 21:48:27 | 000,000,080 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.29.19.01.06
[2012.06.30 20:26:33 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.30.13.01.06
[2012.06.30 22:37:22 | 000,000,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.30.18.01.42
[2012.06.30 22:37:22 | 000,000,096 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc17.bin.incr.2012.06.30.19.01.07
[2012.06.29 18:01:49 | 001,555,912 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc18.bin.full.2012.03.28.21.24.52
[2012.06.29 18:01:44 | 000,000,752 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc19.bin.full.2010.02.05.01.51.49
[2012.06.30 22:37:17 | 000,009,990 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc2.bin
[2012.03.07 00:46:46 | 000,009,990 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc2.bin.full.2005.02.11.04.44.13
[2012.06.29 17:48:15 | 000,000,960 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\sc21.bin.full.2012.06.19.09.02.32
[2012.06.30 20:28:23 | 000,000,035 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\spamcatcher.conf
[3 c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\*.tmp files -> c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$ROYY4NQ\Spamconf\*.tmp -> ]
[2012.06.30 20:28:23 | 000,000,175 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\aswJsFlt.dll.sum
[2012.03.07 01:15:38 | 000,059,236 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\aswSidebar.gadget
[2012.03.07 00:43:53 | 000,000,398 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\1044\aswClnTg.htm
[2012.03.07 00:43:53 | 000,000,220 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\1044\aswClnTg.txt
[2012.03.07 00:43:53 | 000,000,611 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\1044\aswInfTg.htm
[2012.03.07 00:43:53 | 000,000,428 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\1044\aswInfTg.txt
[2012.03.07 01:02:57 | 000,113,526 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\1044\Avast5_1044.chm
[2012.06.30 22:38:04 | 000,314,020 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\acshort.map
[2012.06.30 21:07:44 | 000,071,731 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\certs.map
[2012.06.30 21:00:35 | 000,047,644 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_dex.dat
[2012.06.30 21:06:14 | 000,002,755 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_dex.map
[2012.06.30 21:00:35 | 000,092,624 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_dyna.dat
[2012.06.30 21:06:14 | 000,001,408 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_dyna.map
[2012.06.30 21:00:34 | 000,014,788 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_el.dat
[2012.06.30 21:00:35 | 000,015,616 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_elf.dat
[2012.06.30 21:06:14 | 000,001,742 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_elf.map
[2012.06.30 21:00:35 | 000,003,264 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_elfa.dat
[2012.06.30 21:06:14 | 000,000,182 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_elfa.map
[2012.06.30 20:50:38 | 000,015,150 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_evope.dat
[2012.06.30 21:00:37 | 000,162,776 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_java.dat
[2012.06.30 21:06:14 | 000,004,841 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_java.map
[2012.06.30 21:03:46 | 000,911,876 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_js.dat
[2012.06.30 21:06:14 | 000,023,425 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_js.map
[2012.06.30 21:00:40 | 000,001,060 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_mx4.dat
[2012.06.30 21:06:14 | 000,000,081 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_mx4.map
[2012.06.30 21:00:40 | 000,005,680 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_mx95.dat
[2012.06.30 21:06:14 | 000,000,517 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_mx95.map
[2012.06.30 21:00:40 | 000,079,728 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_o7.dat
[2012.06.30 21:06:14 | 000,010,758 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_o7.map
[2012.06.30 21:00:41 | 000,239,648 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_ob2.dat
[2012.06.30 21:03:55 | 034,398,744 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_pe2.dat
[2012.06.30 21:01:06 | 007,234,326 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_pe3.dat
[2012.06.30 21:00:40 | 000,005,840 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_swf.dat
[2012.06.30 21:06:14 | 000,000,313 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_swf.map
[2012.06.30 21:01:15 | 000,889,252 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_tx.dat
[2012.06.30 21:02:35 | 009,981,994 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_u.dat
[2012.06.30 21:00:39 | 000,066,344 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_w6.dat
[2012.06.30 21:06:14 | 000,007,360 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_w6.map
[2012.06.30 21:02:41 | 002,519,740 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_wh2.dat
[2012.06.30 21:06:14 | 000,005,985 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\db_xtn.map
[2008.12.04 16:09:29 | 000,309,912 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\dllcc.dat
[2012.06.30 21:07:46 | 000,001,766 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\list_d.txt
[2012.06.30 21:07:45 | 000,003,709 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\list_i.txt
[2012.06.30 22:38:04 | 015,602,270 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\lshe3.map
[2012.06.30 22:38:01 | 000,019,516 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\l_idx.map
[2012.06.30 21:03:37 | 000,495,381 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\l_nmp.map
[2012.06.30 20:06:57 | 000,655,672 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\sc_dst.dat
[2012.06.30 20:06:57 | 000,600,792 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\sc_src.dat
[2012.06.29 18:00:12 | 000,572,168 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\Sf.bin
[2012.06.29 18:00:14 | 000,079,304 | ---- | M] (AVAST Software) -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\Sf1.bin
[2012.06.30 22:38:01 | 000,000,932 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\sl_idx.map
[2012.06.30 21:03:37 | 000,041,196 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\sl_nmp.map
[2012.06.30 22:38:01 | 000,000,072 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\s_idx.map
[2012.06.30 21:03:37 | 000,007,518 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\s_nmp.map
[2011.06.03 13:55:23 | 002,078,437 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\defs\12063001\whitelist.db
[2012.03.07 00:43:38 | 000,000,032 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\amcharts_key.txt
[2012.03.07 00:43:38 | 000,054,564 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\amline.swf
[2012.03.07 00:43:38 | 000,051,220 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\ammap.swf
[2012.03.07 00:43:38 | 000,000,030 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\ammap_key.txt
[2012.03.07 00:43:38 | 000,003,889 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\ammap_settings_summary.xml
[2012.03.07 00:43:38 | 000,005,298 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\ammap_settings_tracert.xml
[2012.03.07 00:43:38 | 000,011,145 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\empty_map.xml
[2012.03.07 00:43:38 | 000,000,076 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\icons\arrow.swf
[2012.03.07 00:43:38 | 000,000,217 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\icons\bubble.swf
[2012.03.07 00:43:38 | 000,000,234 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\icons\cross.swf
[2012.03.07 00:43:38 | 000,000,378 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\icons\flag.swf
[2012.03.07 00:43:38 | 000,000,382 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\icons\pin.swf
[2012.03.07 00:43:38 | 000,000,198 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\icons\zoom_out.swf
[2012.03.07 00:43:38 | 000,127,702 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\flash\ammap\maps\world.swf
[2011.02.22 18:14:52 | 000,015,471 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\License\EULA_Avast_Free.txt
[2011.02.22 18:13:40 | 000,017,649 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\License\EULA_Avast_Pro_IS.txt
[2012.03.07 00:43:39 | 000,000,244 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\fw_config.ori
[2012.03.07 00:43:39 | 000,410,433 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\fw_macaddr.db.ori
[2012.03.07 00:43:39 | 000,001,422 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\fw_networks.ori
[2012.03.07 00:43:39 | 000,011,902 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\fw_ports.ori
[2012.03.07 00:43:39 | 000,012,792 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\fw_rules.ori
[2012.06.29 15:27:33 | 000,078,592 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\servers.def
[2012.06.29 15:27:33 | 000,078,592 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\servers.def.lkg
[2012.03.07 01:20:46 | 000,213,552 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\setiface.ovr
[2012.03.07 00:45:47 | 000,004,744 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\settings.ori
[2012.06.30 22:38:04 | 000,837,238 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\setup.log
[2012.03.07 01:20:47 | 006,426,672 | ---- | M] (AVAST Software) -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\setup.ovr
[2012.06.30 22:38:05 | 000,000,956 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\Setup\summary.txt
[2010.12.22 14:39:08 | 000,003,942 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\sfzone\chrome_plugins_file.xml
[2011.02.23 12:52:33 | 000,001,491 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\sfzone\license.txt
[2011.02.18 11:22:39 | 000,000,158 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\sfzone\master_preferences
[2011.02.21 14:23:19 | 000,417,620 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\sfzone\resources.pak
[2012.03.07 01:12:23 | 000,375,950 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\Chrome\AswWebRepChrome.crx
[2012.03.07 00:50:14 | 000,004,739 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\dump.html
[2012.03.07 01:12:17 | 000,000,907 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\install.rdf
[2012.03.07 00:50:14 | 000,000,240 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\test.html
[2012.03.07 00:50:14 | 000,001,176 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\content\about.xul
[2012.03.07 00:50:14 | 000,014,763 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\content\overlay.xul
[2012.03.07 00:50:11 | 000,001,655 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ar-SA\wrc.dtd
[2012.03.07 00:50:11 | 000,001,794 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\be-BY\wrc.dtd
[2012.03.07 00:50:11 | 000,001,631 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\bg-BG\wrc.dtd
[2012.03.07 00:50:10 | 000,001,395 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ca-ES\wrc.dtd
[2012.03.07 00:50:11 | 000,001,375 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\cs-CZ\wrc.dtd
[2012.03.07 00:50:11 | 000,001,310 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\da-DK\wrc.dtd
[2012.03.07 00:50:11 | 000,001,371 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\de-DE\wrc.dtd
[2012.03.07 00:50:11 | 000,001,675 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\el-GR\wrc.dtd
[2012.03.07 00:50:11 | 000,001,284 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\en-GB\wrc.dtd
[2012.01.12 18:08:30 | 000,000,238 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\en-US\about.dtd
[2012.03.07 00:50:10 | 000,001,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\en-US\wrc.dtd
[2012.03.07 00:50:11 | 000,001,353 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\es-ES\wrc.dtd
[2012.03.07 00:50:11 | 000,001,330 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\et-EE\wrc.dtd
[2012.03.07 00:50:11 | 000,001,400 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\fi-FI\wrc.dtd
[2012.03.07 00:50:11 | 000,001,369 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\fr-FR\wrc.dtd
[2012.03.07 00:50:11 | 000,001,542 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\he-IL\wrc.dtd
[2012.03.07 00:50:11 | 000,001,286 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\hr-HR\wrc.dtd
[2012.03.07 00:50:10 | 000,001,423 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\hu-HU\wrc.dtd
[2012.03.07 00:50:11 | 000,001,333 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\id-ID\wrc.dtd
[2012.03.07 00:50:10 | 000,001,327 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\it-IT\wrc.dtd
[2012.03.07 00:50:11 | 000,001,535 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ja-JP\wrc.dtd
[2012.03.07 00:50:11 | 000,001,381 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ko-KR\wrc.dtd
[2012.03.07 00:50:11 | 000,001,316 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\nb-NO\wrc.dtd
[2012.03.07 00:50:11 | 000,001,345 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\nl-NL\wrc.dtd
[2012.03.07 00:50:11 | 000,001,382 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\pl-PL\wrc.dtd
[2012.03.07 00:50:11 | 000,001,322 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\pt-BR\wrc.dtd
[2012.03.07 00:50:11 | 000,001,325 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\pt-PT\wrc.dtd
[2012.03.07 00:50:11 | 000,001,350 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ro-RO\wrc.dtd
[2012.03.07 00:50:11 | 000,001,780 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ru-RU\wrc.dtd
[2012.03.07 00:50:11 | 000,001,364 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\sk-SK\wrc.dtd
[2012.03.07 00:50:10 | 000,001,329 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\sl-SI\wrc.dtd
[2012.03.07 00:50:11 | 000,001,336 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\sv-SE\wrc.dtd
[2012.03.07 00:50:11 | 000,001,946 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\th-TH\wrc.dtd
[2012.03.07 00:50:11 | 000,001,309 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\tr-TR\wrc.dtd
[2012.03.07 00:50:11 | 000,001,711 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\uk-UA\wrc.dtd
[2012.03.07 00:50:11 | 000,001,506 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\ur-PK\wrc.dtd
[2012.03.07 00:50:11 | 000,001,496 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\vi-VN\wrc.dtd
[2012.03.07 00:50:10 | 000,001,288 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\zh-CN\wrc.dtd
[2012.03.07 00:50:11 | 000,001,325 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\locale\zh-TW\wrc.dtd
[2012.03.07 00:50:14 | 000,000,529 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\background-body.jpg
[2012.03.07 00:50:14 | 000,000,267 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\close.png
[2012.03.07 00:50:14 | 000,004,975 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\logo.jpg
[2012.03.07 00:50:14 | 000,008,947 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\overlay.css
[2012.03.07 00:50:14 | 000,028,257 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\wrc ico 16x16px a 24x24px.zip
[2012.03.07 00:50:14 | 000,001,416 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\green1-16.png
[2012.03.07 00:50:14 | 000,001,430 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\green2-16.png
[2012.03.07 00:50:14 | 000,001,406 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\green3-16.png
[2012.03.07 00:50:14 | 000,001,441 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\grey0-16.png
[2012.03.07 00:50:14 | 000,001,451 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\grey3-16.png
[2012.03.07 00:50:14 | 000,001,389 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\orange1-16.png
[2012.03.07 00:50:14 | 000,001,406 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\orange2-16.png
[2012.03.07 00:50:14 | 000,001,363 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\orange3-16.png
[2012.03.07 00:50:14 | 000,001,376 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\red1-16.png
[2012.03.07 00:50:14 | 000,001,386 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\red2-16.png
[2012.03.07 00:50:14 | 000,001,361 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\red3-16.png
[2012.03.07 00:50:14 | 000,001,337 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\yellow1-16.png
[2012.03.07 00:50:14 | 000,001,345 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\yellow2-16.png
[2012.03.07 00:50:14 | 000,001,302 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 16x16px\yellow3-16.png
[2012.03.07 00:50:14 | 000,001,665 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\green1-24.png
[2012.03.07 00:50:14 | 000,001,665 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\green2-24.png
[2012.03.07 00:50:14 | 000,001,611 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\green3-24.png
[2012.03.07 00:50:14 | 000,001,606 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\grey0-24.png
[2012.03.07 00:50:14 | 000,001,608 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\grey3-24.png
[2012.03.07 00:50:14 | 000,001,513 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\orange1-24.png
[2012.03.07 00:50:14 | 000,001,502 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\orange2-24.png
[2012.03.07 00:50:14 | 000,001,456 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\orange3-24.png
[2012.03.07 00:50:14 | 000,001,478 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\red1-24.png
[2012.03.07 00:50:14 | 000,001,482 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\red2-24.png
[2012.03.07 00:50:14 | 000,001,424 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\red3-24.png
[2012.03.07 00:50:14 | 000,001,429 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\yellow1-24.png
[2012.03.07 00:50:14 | 000,001,419 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\yellow2-24.png
[2012.03.07 00:50:14 | 000,001,424 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\ico 24x24px\yellow3-24.png
[2012.03.07 00:50:14 | 000,002,019 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\check-priority.jp
[2012.03.07 00:50:14 | 000,002,019 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\check-priority.jpg
[2012.03.07 00:50:14 | 000,001,103 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\close.png
[2012.03.07 00:50:14 | 000,001,841 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\green1.png
[2012.03.07 00:50:14 | 000,001,856 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\green2.png
[2012.03.07 00:50:14 | 000,001,765 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\green3.png
[2012.03.07 00:50:14 | 000,001,763 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\grey.png
[2012.03.07 00:50:14 | 000,001,669 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\orange1.png
[2012.03.07 00:50:14 | 000,001,671 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\orange2.png
[2012.03.07 00:50:14 | 000,001,627 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\orange3.png
[2012.03.07 00:50:14 | 000,001,617 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\red1.png
[2012.03.07 00:50:14 | 000,001,640 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\red2.png
[2012.03.07 00:50:14 | 000,001,537 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\red3.png
[2012.03.07 00:50:14 | 000,002,541 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\shop-icon-big.jp
[2012.03.07 00:50:14 | 000,002,541 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\shop-icon-big.jpg
[2012.03.07 00:50:14 | 000,001,342 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\shop-icon-small.jp
[2012.03.07 00:50:14 | 000,001,342 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\icons\shop-icon-small.jpg
[2012.03.07 00:50:13 | 000,000,510 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\background-body.jpg
[2012.03.07 00:50:13 | 000,000,373 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\background-body.png
[2012.03.07 00:50:13 | 000,000,314 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\background-header.jpg
[2012.03.07 00:50:13 | 000,000,282 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\background-right-bottom.png
[2012.03.07 00:50:14 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\background-right-top.png
[2012.03.07 00:50:13 | 000,000,523 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\background-right.png
[2012.03.07 00:50:13 | 000,001,347 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\bg-window.png
[2012.03.07 00:50:13 | 000,001,606 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\Button-1.png
[2012.03.07 00:50:13 | 000,001,052 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\button-middle.png
[2012.03.07 00:50:13 | 000,001,146 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\close-hover.png
[2012.03.07 00:50:13 | 000,001,156 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\close.png
[2012.03.07 00:50:13 | 000,001,049 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corner-left-bottom.png
[2012.03.07 00:50:13 | 000,001,055 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corner-left-top.png
[2012.03.07 00:50:13 | 000,001,047 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corner-right-bottom.png
[2012.03.07 00:50:13 | 000,001,055 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corner-right-top.png
[2012.03.07 00:50:13 | 000,002,087 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corporate-small-disable.png
[2012.03.07 00:50:13 | 000,001,939 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corporate-small-selected.png
[2012.03.07 00:50:13 | 000,003,215 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\corporate.png
[2012.03.07 00:50:13 | 000,002,265 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\drugs-small-disable.png
[2012.03.07 00:50:13 | 000,002,263 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\drugs-small-selected.png
[2012.03.07 00:50:13 | 000,005,828 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\drugs.png
[2012.03.07 00:50:13 | 000,002,303 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\gambling-small-disable.png
[2012.03.07 00:50:13 | 000,002,155 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\gambling-small-selected.png
[2012.03.07 00:50:13 | 000,004,773 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\gambling.png
[2012.03.07 00:50:13 | 000,003,829 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\green-1.png
[2012.03.07 00:50:13 | 000,003,549 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\green-2.png
[2012.03.07 00:50:13 | 000,003,075 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-67750765-3746830123-2281431820-1000\$RYNMM74\WebRep\FF\skin\png\green-3.png

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

OTL Extras logfile created on: 04.07.2012 01:38:20 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\fzx\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,62% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 448,97 Gb Total Space | 379,92 Gb Free Space | 84,62% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 297,09 Gb Free Space | 63,79% Space Free | Partition Type: NTFS

Computer Name: FZX-PC | User Name: fzx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6013A341-A1B1-48AA-90F0-30BC527E4414}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7423B84F-4011-4950-9DCD-3BA37A3DB131}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CEC1A1-EC83-485E-BDAB-A89C9B952490}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{24D65C2E-2581-4F52-BC48-9E09C6D15FE4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{4E9CE2CE-2359-463B-9218-816C2C112817}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{61B2D945-D168-43AD-95EA-2559AE5B3DBA}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{66F67CA9-0059-434C-BE1E-0644E2B0C3E3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6CEB0D4D-9726-4CCC-B17C-DE76A38661B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A5B8D40D-E1F9-4FDF-A50F-947BFF64CD43}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DCB5BB87-D7EA-42D0-A3F2-D9083B89DA1F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{ED738515-B783-4554-99C5-4A9D0B72561F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F847DFB2-8255-47FE-ADD9-61C42A16FDCF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FCA8BE6F-D0A8-4B59-B3D8-AA416CC5C1BF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Opplastingsverktøy for Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{33FE4D58-2D62-4969-8B0F-7F7ACBB7BD23}" = Windows Live Messenger
"{448D1E2D-AAEA-470E-BDF1-A326B48327F3}" = Windows Live Writer
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{84D113BB-A869-4A01-8EC8-D5CD579F76AA}" = Windows Live Fotogalleri
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
"{90120000-0016-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
"{90120000-0018-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
"{90120000-001B-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
"{90120000-001F-0414-0000-0000000FF1CE}_HOMESTUDENTR_{3FE135E8-2B21-44ED-99CA-87C782C4F5F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
"{90120000-001F-0814-0000-0000000FF1CE}_HOMESTUDENTR_{63BBC1EA-E390-403D-BFDE-B53E1D23FF46}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0414-0000-0000000FF1CE}" = Compatibility Pack for 2007 Office
"{90120000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}_HOMESTUDENTR_{3CC75FEB-8AA6-43F5-958E-0D074633CB2E}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
"{90120000-00A1-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål))
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{AC76BA86-7AD7-1044-7B44-A90000000001}" = Adobe Reader 9 - Norsk
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C15E140D-EA34-422D-B431-6728AAFCF48D}" = Påloggingsassistent for Windows Live
"{CCA238D3-4FFC-4B3E-B34F-3AD78AD11523}" = Windows Live Mail
"{D0AF5F14-3DC5-405B-8EE1-445D97043BC1}" = Windows Live Essentials
"{D1824129-8BE2-4FA6-B262-C4D99F7355D3}" = Microsoft Works
"{D5A7ED72-BADF-4AF6-BC93-4C8A93F25AF6}" = Windows Live Sync
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.06.2012 11:05:25 | Computer Name = fzx-PC | Source = System Restore | ID = 8193
Description =

Error - 30.06.2012 11:05:27 | Computer Name = fzx-PC | Source = System Restore | ID = 8193
Description =

Error - 30.06.2012 11:19:56 | Computer Name = fzx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30.06.2012 11:19:57 | Computer Name = fzx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30.06.2012 11:31:41 | Computer Name = fzx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30.06.2012 11:51:10 | Computer Name = fzx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 30.06.2012 12:17:20 | Computer Name = fzx-PC | Source = MsiInstaller | ID = 11317
Description =

Error - 30.06.2012 12:17:33 | Computer Name = fzx-PC | Source = MsiInstaller | ID = 11317
Description =

Error - 30.06.2012 14:22:55 | Computer Name = fzx-PC | Source = System Restore | ID = 8193
Description =

Error - 30.06.2012 14:22:55 | Computer Name = fzx-PC | Source = Wininit | ID = 1015
Description = En kritisk systemprosess, C:\Windows\system32\lsass.exe, mislyktes
med statuskode 00000000. Maskinen må startes på nytt.

[ System Events ]
Error - 29.06.2012 21:39:33 | Computer Name = fzx-PC | Source = HTTP | ID = 15016
Description =

Error - 29.06.2012 21:40:08 | Computer Name = fzx-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.06.2012 21:40:08 | Computer Name = fzx-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#15 fzx

fzx
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Local time:04:01 AM

Posted 03 July 2012 - 06:57 PM

I had to use System Restore right before the logs. I will try to boot up in normal mode for a while, and then I'll run the scan again and post back.



