Boot.mebroot



#1
Graybeard4953

Hello

My wife's computer has had the Mebroot virus for a while, and Norton was catching it and taking care of it until a week ago. We decided to upgrade to Windows 7 from XP. I bought a new 1 TB hard drive and installed Windows 7, then started reloading programs, starting with Norton 2011. I then copied her data from the D drive to the new drive and then disconnected the D drive. I then ran a full scan and Norton did not find any virus. Today my wife was continuing to load programs and work on her computer. This afternoon Boot.Mebroot was again detected by Norton and needed immediate attention as it could not remove it.

When I go to the log history in Norton I don't see any virus detected in the log. I then ran a scan and got a medium threat: unauthorized access blocked from "C:windows\system32\services.exe"

I am stumped and need some help please. I am a newbie to this site. I have searched the web for a solution but nothing seems right. I read one thread here where help was given for Vista that seemed to solve the problem.

Thanks Mike

OTL

OTL logfile created on: 1/5/2011 5:13:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Theresia\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 341.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 845.53 Gb Free Space | 90.78% Space Free | Partition Type: NTFS
Drive E: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: THERESIA-PC | User Name: Theresia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/05 17:12:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Theresia\Downloads\OTL.exe
PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2010/11/10 02:07:26 | 000,054,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Companion\companionuser.exe
PRC - [2010/11/10 01:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/11/09 15:53:00 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/07/17 19:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/05 17:12:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Theresia\Downloads\OTL.exe
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/04 21:12:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/11/09 15:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/04 11:25:58 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/04 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110105.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/04 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/04 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/04 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110105.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/30 21:24:00 | 000,295,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMNETS.SYS -- (SymNetS)
DRV - [2010/11/22 20:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/22 20:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 20:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 18:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/10 17:46:29 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101231.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/20 18:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lighthous...N PAGE2009.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 E8 E1 31 41 AC CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/04 11:26:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/04 11:25:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 01:26:40 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{bf443faa-1831-11e0-8d53-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf443faa-1831-11e0-8d53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/07/14 01:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 16:11:01 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Diagnostics
[2011/01/05 10:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/01/05 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2011/01/05 09:39:19 | 000,000,000 | ---D | C] -- C:\Users\Theresia\Documents\My PSP8 Files
[2011/01/05 09:39:19 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Jasc Software Inc
[2011/01/05 09:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2011/01/05 09:08:55 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Macromedia
[2011/01/05 08:34:22 | 000,000,000 | --SD | C] -- C:\Users\Theresia\Documents\My Web Sites
[2011/01/05 08:22:19 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\{7D493E38-9A41-4AF9-9544-C170AD2838B0}
[2011/01/04 23:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ipswitch WS_FTP Home
[2011/01/04 23:32:55 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Ipswitch
[2011/01/04 23:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ipswitch
[2011/01/04 23:32:38 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2011/01/04 23:32:37 | 000,606,293 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbocx.ocx
[2011/01/04 23:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ipswitch
[2011/01/04 23:30:56 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\InstallShield
[2011/01/04 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Intuit
[2011/01/04 23:17:02 | 004,194,304 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2011/01/04 23:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2011/01/04 23:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2011/01/04 23:14:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2011/01/04 23:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/01/04 23:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2011/01/04 23:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/01/04 23:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2011/01/04 23:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2011/01/04 23:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/01/04 23:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/01/04 21:15:26 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2011/01/04 21:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/01/04 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Adobe
[2011/01/04 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Adobe
[2011/01/04 21:12:12 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/01/04 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/01/04 21:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/04 21:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/04 21:02:42 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\IsolatedStorage
[2011/01/04 21:02:26 | 000,000,000 | ---D | C] -- C:\Users\Theresia\Documents\Family Tree Maker
[2011/01/04 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Ancestry.com
[2011/01/04 20:58:50 | 000,000,000 | ---D | C] -- C:\IExp1.tmp
[2011/01/04 20:58:46 | 000,000,000 | ---D | C] -- C:\IExp0.tmp
[2011/01/04 20:58:45 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2011/01/04 20:58:44 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2011/01/04 20:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/01/04 20:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2011/01/04 20:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/01/04 20:58:25 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/01/04 20:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2011
[2011/01/04 20:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Family Tree Maker 2011
[2011/01/04 20:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
[2011/01/04 20:48:36 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\CrashDumps
[2011/01/04 20:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/01/04 20:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/04 20:25:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/01/04 20:25:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/04 20:25:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/04 20:25:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/04 20:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/04 20:02:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2011/01/04 20:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/01/04 20:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/04 20:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/01/04 19:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/01/04 19:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/04 19:53:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/01/04 19:36:55 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Windows Live Writer
[2011/01/04 19:36:55 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Windows Live Writer
[2011/01/04 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\{60C037AA-DAEA-49B4-A73D-650A65C70752}
[2011/01/04 19:00:08 | 000,000,000 | ---D | C] -- C:\Users\Theresia\Tracing
[2011/01/04 12:17:05 | 000,000,000 | ---D | C] -- C:\Data Directory
[2011/01/04 11:30:19 | 000,000,000 | ---D | C] -- C:\Users\Theresia\Documents\Symantec
[2011/01/04 11:25:59 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/01/04 11:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/01/04 11:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/01/04 11:25:52 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\SymEFA.sys
[2011/01/04 11:25:52 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\SymDS.sys
[2011/01/04 11:25:52 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symnets.sys
[2011/01/04 11:25:52 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011/01/04 11:25:51 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011/01/04 11:25:51 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\Ironx86.sys
[2011/01/04 11:25:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/01/04 11:25:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1205000.07D
[2011/01/04 11:25:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/01/04 11:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/01/04 11:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/01/04 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/01/04 11:17:31 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/01/04 11:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/01/04 11:15:42 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/04 11:13:52 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/01/04 11:12:41 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2011/01/04 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/01/04 11:11:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/04 11:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/04 11:06:09 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/01/04 11:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/04 11:04:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/01/04 11:04:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/01/04 11:04:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/01/04 11:04:02 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/01/04 11:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/01/04 11:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/01/04 11:02:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/01/04 11:02:35 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/01/04 11:02:35 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/01/04 11:01:23 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/04 11:01:23 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/04 11:01:22 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/01/04 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Windows Live
[2011/01/04 10:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/01/04 10:52:09 | 000,000,000 | R--D | C] -- C:\Users\Theresia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/04 10:52:09 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Searches
[2011/01/04 10:52:09 | 000,000,000 | R--D | C] -- C:\Users\Theresia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/04 10:52:08 | 000,000,000 | -H-D | C] -- C:\Users\Theresia\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/01/04 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Identities
[2011/01/04 10:51:58 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Contacts
[2011/01/04 10:51:52 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\VirtualStore
[2011/01/04 10:51:50 | 000,000,000 | --SD | C] -- C:\Users\Theresia\AppData\Roaming\Microsoft
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Videos
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Saved Games
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Pictures
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Music
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Links
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Favorites
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Downloads
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\My Documents
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\Desktop
[2011/01/04 10:51:50 | 000,000,000 | R--D | C] -- C:\Users\Theresia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\AppData\Local\Temporary Internet Files
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Templates
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Start Menu
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\SendTo
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Recent
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\PrintHood
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\NetHood
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Documents\My Videos
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Documents\My Pictures
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Documents\My Music
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\My Documents
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Local Settings
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\AppData\Local\History
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Cookies
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\Application Data
[2011/01/04 10:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Theresia\AppData\Local\Application Data
[2011/01/04 10:51:50 | 000,000,000 | -H-D | C] -- C:\Users\Theresia\AppData
[2011/01/04 10:51:50 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Temp
[2011/01/04 10:51:50 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Local\Microsoft
[2011/01/04 10:51:50 | 000,000,000 | ---D | C] -- C:\Users\Theresia\AppData\Roaming\Media Center Programs
[2011/01/04 10:51:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/01/04 10:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/01/04 10:40:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/01/04 10:38:38 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/01/04 10:38:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/04 10:36:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/05 16:21:53 | 000,012,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/05 16:21:53 | 000,012,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/05 16:00:38 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/01/05 16:00:38 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/01/05 14:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/05 09:42:21 | 000,002,683 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/01/05 08:30:25 | 000,980,634 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/04 23:33:06 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\WS_FTP Home.lnk
[2011/01/04 23:29:16 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/04 23:29:16 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/04 23:24:49 | 000,369,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/04 23:24:37 | 804,360,192 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/04 23:17:08 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/04 23:16:40 | 000,002,392 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/01/04 23:16:40 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro 2010.lnk
[2011/01/04 21:45:10 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/01/04 21:11:45 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
[2011/01/04 20:58:19 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Family Tree Maker 2011.lnk
[2011/01/04 20:25:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/01/04 20:25:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/04 20:25:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/04 20:25:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/04 20:22:58 | 000,002,631 | ---- | M] () -- C:\Users\Theresia\Desktop\Microsoft Office FrontPage 2003.lnk
[2011/01/04 20:01:19 | 000,002,675 | ---- | M] () -- C:\Users\Theresia\Desktop\Microsoft Office Word 2003.lnk
[2011/01/04 20:01:18 | 000,002,645 | ---- | M] () -- C:\Users\Theresia\Desktop\Microsoft Office PowerPoint 2003.lnk
[2011/01/04 20:01:18 | 000,002,611 | ---- | M] () -- C:\Users\Theresia\Desktop\Microsoft Office Publisher 2003.lnk
[2011/01/04 20:01:17 | 000,002,677 | ---- | M] () -- C:\Users\Theresia\Desktop\Microsoft Office Excel 2003.lnk
[2011/01/04 11:25:58 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/01/04 11:25:58 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/01/04 11:25:58 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/01/04 11:25:54 | 000,002,506 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/01/04 11:17:31 | 000,001,311 | ---- | M] () -- C:\Users\Theresia\Desktop\Norton Installation Files.lnk
[2011/01/04 11:08:56 | 000,000,020 | ---- | M] () -- C:\Windows\x
[2011/01/04 10:57:07 | 000,001,407 | ---- | M] () -- C:\Users\Theresia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/04 10:41:56 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/01/04 10:39:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/01/04 10:39:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/04 10:39:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 15:57:09 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/01/05 15:57:09 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/01/05 09:45:07 | 000,002,683 | ---- | C] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/01/04 23:33:06 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\WS_FTP Home.lnk
[2011/01/04 23:16:40 | 000,002,392 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/01/04 23:16:39 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro 2010.lnk
[2011/01/04 23:13:40 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/04 21:11:44 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
[2011/01/04 20:58:19 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Family Tree Maker 2011.lnk
[2011/01/04 20:26:42 | 000,002,631 | ---- | C] () -- C:\Users\Theresia\Desktop\Microsoft Office FrontPage 2003.lnk
[2011/01/04 20:06:20 | 000,002,611 | ---- | C] () -- C:\Users\Theresia\Desktop\Microsoft Office Publisher 2003.lnk
[2011/01/04 20:05:57 | 000,002,645 | ---- | C] () -- C:\Users\Theresia\Desktop\Microsoft Office PowerPoint 2003.lnk
[2011/01/04 20:05:09 | 000,002,675 | ---- | C] () -- C:\Users\Theresia\Desktop\Microsoft Office Word 2003.lnk
[2011/01/04 20:04:43 | 000,002,677 | ---- | C] () -- C:\Users\Theresia\Desktop\Microsoft Office Excel 2003.lnk
[2011/01/04 20:02:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 11:26:01 | 000,980,634 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/04 11:25:59 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/01/04 11:25:59 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/01/04 11:25:54 | 000,002,506 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/01/04 11:25:43 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\iron.cat
[2011/01/04 11:25:43 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymNet.cat
[2011/01/04 11:25:43 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymEFA.cat
[2011/01/04 11:25:43 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011/01/04 11:25:43 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymDS.cat
[2011/01/04 11:25:43 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011/01/04 11:25:43 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymEFA.inf
[2011/01/04 11:25:43 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymDS.inf
[2011/01/04 11:25:43 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\SymNet.inf
[2011/01/04 11:25:43 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011/01/04 11:25:43 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011/01/04 11:25:43 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Iron.inf
[2011/01/04 11:25:43 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\isolate.ini
[2011/01/04 11:17:31 | 000,001,311 | ---- | C] () -- C:\Users\Theresia\Desktop\Norton Installation Files.lnk
[2011/01/04 11:08:55 | 000,000,020 | ---- | C] () -- C:\Windows\x
[2011/01/04 10:57:07 | 000,001,407 | ---- | C] () -- C:\Users\Theresia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/04 10:51:50 | 000,000,290 | ---- | C] () -- C:\Users\Theresia\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/04 10:51:50 | 000,000,272 | ---- | C] () -- C:\Users\Theresia\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/01/04 10:39:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/04 10:39:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/04 10:39:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/01/04 10:38:03 | 804,360,192 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >