
help


  • This topic is locked

#1
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Big trouble here.

Just tried to start my laptop; it gets stuck on the black screen with the mouse cursor, the one right after "Starting Windows".

Tried many times to reboot, removed the battery, but it just keeps getting stuck there.

Tried to launch Startup Repair, still no luck.

I installed a copy of my Windows on D:\ just to make sure I can access everything, I got important data :)

Any ideas?

EDIT: during my last session I did an sfc /scannow, it's probably the reason but it shouldn't be :/
  • 0


#2
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,020 posts
I moved the topic here so we can use some special tools we don't use in staff forums.

Let's give this a try through an External Environment, which simply means you will need to burn a boot CD with special tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions on your flash drive as a text file (use Notepad) so you can have access to them while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.5MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of ImgBurn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first.
    Note: For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in


      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      volsnap.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      winlogon.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
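The `/md5start` ... `/md5stop` block in the custom scan above asks OTL to find every copy of the named system files and report an MD5 for each. The following is an added example, not part of the original post and not OTL's own code: a Python sketch that does the same against an offline-mounted Windows volume and groups the results so that copies with differing digests stand out. The function names, the shortened name list and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A few of the names listed between /md5start and /md5stop in the post above.
TARGET_NAMES = ["atapi.sys", "volsnap.sys", "userinit.exe",
                "explorer.exe", "winlogon.exe", "ntoskrnl.exe"]


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_named_files(root, names):
    """Walk `root` and return {lowercased name: [(path, md5 or None), ...]}.

    Matching is case-insensitive because Windows file names are; a copy that
    cannot be read is recorded with a digest of None instead of being dropped.
    """
    wanted = {n.lower() for n in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            key = fname.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                found[key].append((full, md5_of(full)))
            except OSError:
                found[key].append((full, None))
    return dict(found)


def divergent(found):
    """Names with more than one distinct digest among their copies.

    Differing copies are common after updates (older versions stay in the
    component store), so this is a list of digests to check against a
    known-good reference, not a verdict.
    """
    result = {}
    for name, copies in found.items():
        digests = {d for _path, d in copies if d is not None}
        if len(digests) > 1:
            result[name] = sorted(copies)
    return result


def missing(found, names):
    """Requested names for which no copy was found under the root."""
    return sorted(n.lower() for n in names if n.lower() not in found)


def build_sample_tree(root):
    """Constructed sample data standing in for a mounted Windows volume."""
    layout = {
        "Windows/System32/drivers/atapi.sys": b"driver-A",
        "Windows/winsxs/amd64_atapi/atapi.sys": b"driver-A",
        "Windows/System32/drivers/volsnap.sys": b"snap-current",
        "Windows/winsxs/amd64_volsnap/VOLSNAP.SYS": b"snap-other",
        "Windows/explorer.exe": b"shell",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Run the scan over the constructed tree and return all three views."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = hash_named_files(root, TARGET_NAMES)
        return found, divergent(found), missing(found, TARGET_NAMES)


if __name__ == "__main__":
    found, differing, absent = demo()
    for name in sorted(found):
        for path, digest in found[name]:
            print(f"{digest or 'UNREADABLE':32}  {path}")
    print("differing copies:", sorted(differing))
    print("not found:", absent)
```

To use it on a real system, replace the `demo()` call with `hash_named_files(r"C:\Windows", TARGET_NAMES)` from the rescue environment, where `C:` is the offline volume.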

#3
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts
I highly doubt it's malware-related, I've never been really infected in my life :)

Here is the log (the scan took more than 1 hour)

OTL logfile created on: 6/26/2011 12:47:09 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144.04 Gb Total Space | 64.64 Gb Free Space | 44.87% Space Free | Partition Type: NTFS
Drive D: | 7.11 Gb Total Space | 4.81 Gb Free Space | 67.59% Space Free | Partition Type: FAT32
Drive E: | 137.50 Gb Total Space | 91.13 Gb Free Space | 66.28% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 08:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 08:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/22 15:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (All) ==========

DRV:64bit: - [2011/04/28 23:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV:64bit: - [2011/04/28 23:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011/04/28 23:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011/04/26 22:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011/04/26 22:39:40 | 000,289,280 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011/04/26 22:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011/03/24 23:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011/03/24 23:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2011/03/24 23:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011/03/24 23:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2011/03/22 00:27:46 | 000,028,264 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ITECIRfilter.sys -- (ITECIRfilter)
DRV:64bit: - [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011/03/11 02:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/11 00:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011/02/23 00:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2011/02/18 09:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010/11/20 09:34:01 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010/11/20 09:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2010/11/20 09:34:01 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010/11/20 09:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2010/11/20 09:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2010/11/20 09:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 09:33:57 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010/11/20 09:33:54 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010/11/20 09:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 09:33:48 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV:64bit: - [2010/11/20 09:33:48 | 000,075,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2010/11/20 09:33:45 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010/11/20 09:33:44 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010/11/20 09:33:44 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010/11/20 09:33:44 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010/11/20 09:33:43 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010/11/20 09:33:38 | 000,152,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2010/11/20 09:33:38 | 000,095,616 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2010/11/20 09:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:33:34 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010/11/20 09:33:25 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010/11/20 09:32:46 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010/11/20 09:28:59 | 000,459,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2010/11/20 09:28:59 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:06:41 | 000,165,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV:64bit: - [2010/11/20 07:04:09 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010/11/20 06:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010/11/20 06:52:35 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010/11/20 06:52:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010/11/20 06:52:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010/11/20 06:52:20 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010/11/20 06:52:19 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010/11/20 06:51:50 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/11/20 06:51:48 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2010/11/20 06:50:08 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010/11/20 06:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 06:44:52 | 000,552,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2010/11/20 06:44:37 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010/11/20 06:44:34 | 000,184,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2010/11/20 06:44:33 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2010/11/20 06:44:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 06:43:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2010/11/20 06:43:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010/11/20 06:43:43 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HDAudBus.sys -- (HDAudBus)
DRV:64bit: - [2010/11/20 06:43:32 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2010/11/20 06:42:44 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010/11/20 06:34:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/11/20 06:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010/11/20 06:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 06:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 06:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 06:04:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010/11/20 05:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2010/11/20 05:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 05:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/11/20 05:27:54 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010/11/20 05:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV:64bit: - [2010/11/20 05:26:42 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010/11/20 05:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010/11/20 05:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 05:25:14 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010/11/20 05:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010/11/20 05:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010/11/06 06:54:31 | 000,321,072 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/01 00:46:10 | 000,137,616 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/10/31 17:59:32 | 011,574,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2010/10/31 17:28:32 | 001,487,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2010/10/24 15:25:38 | 000,188,928 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV:64bit: - [2010/10/24 15:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/24 15:25:38 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV:64bit: - [2010/07/21 10:59:28 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/07/21 10:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 10:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/13 03:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/04/13 19:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/09/16 00:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/22 23:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 21:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 21:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 21:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 21:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 21:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 21:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV:64bit: - [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 21:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 21:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 21:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 21:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV:64bit: - [2009/07/13 21:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 21:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 21:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 21:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 21:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 21:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 21:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 21:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 21:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009/07/13 21:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 21:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV:64bit: - [2009/07/13 21:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 21:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 21:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 21:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 21:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 21:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 21:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 21:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 21:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 21:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 20:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 20:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 20:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 20:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 20:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 20:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 20:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 20:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 20:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 20:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 20:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009/07/13 20:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/07/13 20:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 20:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 20:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV:64bit: - [2009/07/13 20:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2009/07/13 20:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 20:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\usbohci.sys -- (usbohci)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 20:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 20:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 20:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 20:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 20:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 20:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 20:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 20:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 20:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 20:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 20:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 20:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 20:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 20:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 20:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 19:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 19:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 19:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 19:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 19:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 19:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 19:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\processr.sys -- (Processor)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 16:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 16:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 06:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157



IE - HKU\aliB_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\aliB_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\aliB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\aliB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\aliB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\aliB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 EF F2 2C 73 2B CC 01 [binary data]
IE - HKU\aliB_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\aliB_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\aliB_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 0A 5A D2 18 30 CC 01 [binary data]
IE - HKU\Guest_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {27c60876-b5c9-4335-b4f3-52b26782220c}:0.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.type: 0


[2010/11/08 08:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aliB\AppData\Roaming\Mozilla\Extensions
[2010/11/08 08:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aliB\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/07 12:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aliB\AppData\Roaming\Mozilla\Firefox\Profiles\dw723usz.default\extensions
[2011/03/29 16:22:00 | 000,000,000 | ---D | M] ("Malware Search") -- C:\Users\aliB\AppData\Roaming\Mozilla\Firefox\Profiles\dw723usz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2011/03/03 01:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 09:16:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/06 13:37:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/03 01:14:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/22 09:16:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/07/13 20:10:16 | 001,486,848 | ---- | M] (LizardTech) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
[2011/06/07 05:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2011/04/17 04:25:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2011/04/17 04:25:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/04/17 04:25:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/04/17 04:25:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/04/17 04:25:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/04/17 04:25:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/04/17 04:25:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/04/08 06:58:52 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/04 10:16:44 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2011/04/08 06:58:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2011/03/04 10:16:44 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/04/08 06:58:52 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2011/04/08 06:58:52 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2011/04/08 06:58:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/04/08 06:58:52 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/01 15:06:20 | 000,000,944 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 cohlive-1.quazal.net
O1 - Hosts: 127.0.0.1 cohlive.quazal.net
O1 - Hosts: 127.0.0.1 reliclive.quazal.net #(Company of Heroes)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\aliB_ON_C..\Run: [EPSON Stylus CX8300 Series] File not found
O4 - HKU\aliB_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\aliB_ON_C..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\Guest_ON_C..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\aliB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 03:13:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/25 02:43:08 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{111D29D6-0C3F-407B-9B77-B68560D8EEA2}
[2011/06/24 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{C7CE4D42-CCC5-49F3-9616-48131CDFAECD}
[2011/06/24 01:39:06 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{F0CEAAAB-EE74-47AA-9B9E-88718E71BFCF}
[2011/06/23 05:30:39 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{802D9F52-09CE-4C33-A84F-FEC1FFDA035E}
[2011/06/22 15:27:59 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\.minecraft
[2011/06/22 14:50:47 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{B2B38398-5C89-48C9-9CDA-AC7FE0C51660}
[2011/06/22 02:50:18 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{466E16D8-3CF0-40C3-99B7-F987E091EB94}
[2011/06/21 05:43:41 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{D0A76B44-0ED0-4C90-AE79-6E8E00837ABF}
[2011/06/20 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{E0249EE9-8BED-42C0-A72C-ADD570A60442}
[2011/06/20 05:00:38 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{E3A2A432-FFE3-484D-9E1B-6BBC65C84FE5}
[2011/06/19 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{AEAF72D9-A53B-4E86-8F76-7E7699120506}
[2011/06/19 12:51:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/19 02:50:35 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{DE14CB7C-083A-4C59-8178-6E673BE50BC3}
[2011/06/18 06:45:26 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{42BCF302-20A2-4F5E-B217-5AFA792FAFD5}
[2011/06/17 15:45:56 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{9055E700-3BBA-4811-8BB7-21EB41E52818}
[2011/06/17 01:58:50 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{3696A8F8-B16A-4295-B7DC-3819817614D8}
[2011/06/17 01:46:58 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Apple Computer
[2011/06/16 14:47:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/06/16 14:47:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/16 14:47:04 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/16 14:47:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/16 14:47:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/16 14:47:03 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/16 14:47:03 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/16 14:47:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/16 12:52:59 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\vlc
[2011/06/16 06:47:11 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2011/06/16 05:12:08 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{35BE9668-C46C-4269-9696-EE13011C7C8B}
[2011/06/15 17:11:42 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{B347DFBA-4982-4007-AAEE-04D3F339A976}
[2011/06/15 05:35:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\aliB\Desktop\OTL.exe
[2011/06/15 05:11:17 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{6C64933D-248A-4E33-BA94-52BB029E4DE4}
[2011/06/14 15:04:36 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{344B8F66-A45F-4C9B-B3CC-B0673B0B0673}
[2011/06/14 04:41:33 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{77A1ADED-34B1-411C-A289-99421C175169}
[2011/06/13 14:52:22 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{211DAC36-7A48-4AE1-9B19-E3B8186BCA50}
[2011/06/13 00:24:34 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{02D80BBB-AA81-4FB3-91F9-D0E40FBFBD9D}
[2011/06/12 14:27:43 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{220613A3-3A0F-4455-91D1-57603F6ABE23}
[2011/06/12 02:27:30 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{F14ACB8A-7079-4B0D-AA01-6A4BB511DC80}
[2011/06/11 02:27:02 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{1770ACBB-CDD3-4C58-88C3-CE58BEF00A79}
[2011/06/10 14:26:26 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{F82F2D57-F355-43C1-94D4-987189514D8A}
[2011/06/09 23:39:51 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{6E5DC6AC-0EFC-4A6A-9201-FFA44467C6B5}
[2011/06/09 04:59:37 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{6FDAE5AC-9E4D-4507-B80A-BE77525E498C}
[2011/06/08 05:26:13 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{D0F0C78D-94BB-4A10-853B-D2ADD1CD2F8D}
[2011/06/07 15:00:48 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{085DE207-AF44-4DDD-B5D7-33FFD5FD6C9D}
[2011/06/07 05:22:09 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{EA964CF9-F429-409C-9815-6EE445AE97E2}
[2011/06/06 05:46:00 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{5DC92D67-230A-48EC-B1BC-CA14510D82B7}
[2011/06/05 15:45:45 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{1A475898-8775-42E0-86F7-7CFDBA7A4F74}
[2011/06/05 12:59:35 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{7FDBE12E-6543-4842-89C7-2DBC486AC114}
[2011/06/05 06:34:22 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{197F0DB9-A0F9-4F85-952C-E0DFE5ED462B}
[2011/06/05 04:04:44 | 000,000,000 | ---D | C] -- C:\Users\aliB\Documents\Command & Conquer 3 Tiberium Wars
[2011/06/04 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{B87B1E0F-FA22-48B5-86EC-A00D73E83201}
[2011/06/04 08:36:16 | 000,000,000 | ---D | C] -- C:\Users\Guest\Documents\Command & Conquer 3 Tiberium Wars
[2011/06/04 08:33:14 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/06/04 03:52:28 | 000,000,000 | ---D | C] -- C:\Users\aliB\Documents\Command & Conquer 3 Kane's Wrath
[2011/06/04 02:29:55 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{1023CCD6-E01F-4A99-B607-ACF888406214}
[2011/06/03 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{45498ECF-95C9-4471-8A83-4A5A8C770AAC}
[2011/06/03 13:20:55 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{CF56FF2C-0048-4A3B-8BD4-C3A7381837DA}
[2011/06/03 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/03 05:27:03 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011/06/03 05:08:57 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/06/03 01:20:24 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{350FAAFA-D3D1-4EC3-A472-407D09BE5CB9}
[2011/06/02 05:39:44 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{0A51989C-8295-493C-93E1-AEE46F7D094E}
[2011/06/01 05:42:11 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{15E0B1CD-FE7C-4E6E-B4F0-BFAB9CBEE2C6}
[2011/05/31 05:45:31 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{5777E63C-422E-4CC1-8B32-FA4C69D32DB2}
[2011/05/31 03:41:44 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011/05/30 05:30:42 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{FFC42981-0865-4A38-BFD0-8BA8C4CBC751}
[2011/05/29 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{94FC5207-5A17-414E-A298-A9B61D568957}
[2011/05/29 03:02:58 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{4FBF60C5-364B-46F0-8A48-6DCC96EBDD71}
[2011/05/28 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{52409D8E-9D76-4605-905F-6C1A99E439E3}
[2011/05/28 05:19:18 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\vlc
[2011/05/28 05:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/28 03:01:44 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{5733A6CA-A3FF-4A51-8A99-CC1E6B036C1E}
[2011/05/27 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{31FCA85A-DEEB-48FB-9EAF-CCE447EDD84F}

========== Files - Modified Within 30 Days ==========

[2011/06/26 02:50:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/25 18:26:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/25 18:23:52 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 06:27:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/06/25 03:40:11 | 000,002,024 | ---- | M] () -- C:\Users\aliB\Desktop\Mozilla Firefox.lnk
[2011/06/25 02:24:06 | 000,017,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 02:24:06 | 000,017,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 02:23:55 | 000,690,196 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/06/25 02:23:55 | 000,662,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/25 02:23:55 | 000,479,050 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/06/25 02:23:55 | 000,129,726 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/06/25 02:23:55 | 000,121,976 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/25 02:23:55 | 000,094,572 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/06/19 12:51:51 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/16 15:11:45 | 000,417,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/16 14:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/16 14:45:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/06/15 05:35:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\aliB\Desktop\OTL.exe
[2011/06/06 10:20:00 | 002,073,497 | ---- | M] () -- C:\Users\aliB\Documents\logic reports.zip
[2011/05/28 05:19:07 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/28 05:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/28 05:03:47 | 020,533,281 | ---- | M] () -- C:\Users\aliB\Desktop\vlc-1.1.9-win32.exe

========== Files Created - No Company Name ==========

[2011/06/25 03:40:11 | 000,002,024 | ---- | C] () -- C:\Users\aliB\Desktop\Mozilla Firefox.lnk
[2011/06/06 10:20:00 | 002,073,497 | ---- | C] () -- C:\Users\aliB\Documents\logic reports.zip
[2011/06/03 04:53:38 | 164,254,690 | ---- | C] () -- C:\Users\aliB\Desktop\EN_2601_2602_Patch.exe
[2011/05/28 05:19:07 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/28 04:55:46 | 020,533,281 | ---- | C] () -- C:\Users\aliB\Desktop\vlc-1.1.9-win32.exe
[2011/04/27 17:09:22 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX8300ERUkAr.ini
[2011/04/15 07:04:30 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/05 09:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/04/04 12:36:44 | 000,000,019 | ---- | C] () -- C:\Windows\CLOSEAPP.INI
[2011/01/13 06:20:21 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/11/08 08:50:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/01 08:38:48 | 002,195,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 17:28:52 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/05/08 04:11:17 | 000,010,147 | ---- | C] () -- C:\Users\aliB\AppData\Local\Tempnod.jpg

========== LOP Check ==========

[2011/06/22 15:27:59 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\.minecraft
[2011/06/03 06:24:24 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011/06/05 04:04:08 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/04/01 15:18:33 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\DAEMON Tools Lite
[2011/04/30 02:52:31 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\GetRightToGo
[2011/04/30 02:53:16 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\iPhone Tool Kits
[2011/01/28 15:49:57 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Red Alert 3
[2011/01/19 05:48:04 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\SystemRequirementsLab
[2010/11/10 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\TeamViewer
[2011/04/09 02:26:21 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Thinstall
[2011/05/27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Tunngle
[2011/05/24 11:48:45 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\uTorrent
[2011/06/04 08:33:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/04/02 12:33:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools Lite
[2011/06/16 14:42:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/04/03 04:50:29 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare
[2011/04/01 15:13:08 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/01/13 06:26:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/04/27 17:19:23 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/04/17 11:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\FNET
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/27 07:31:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2011/04/17 04:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/14 15:04:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========




< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D --
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 --
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 --
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2011/04/09 02:21:32 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=0F4A148499CC6FA5D84A0F1587869051 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[2010/11/20 08:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2011/04/09 02:54:07 | 005,475,712 | ---- | M] (Microsoft Corporation) MD5=240D89BBE5BCD168D748D6C12B6FE884 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[2010/06/19 03:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=28C4FE45FC1B176FA74A48FB15DE7C9A -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[2010/06/19 03:05:25 | 005,474,184 | ---- | M] (Microsoft Corporation) MD5=5223C216E348E397C5EACCBEFB57FFF2 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[2011/04/09 02:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- C:\Windows\SysWOW64\ntoskrnl.exe
[2011/04/09 02:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2010/10/27 00:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=776201760B5692F10DDA3BE85B54F213 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[2010/06/19 02:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[2011/04/09 02:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[2009/07/13 21:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[2009/07/13 21:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[2010/10/27 00:33:37 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=C6169F5FDC8399E0C6C0729AB6EF2EF8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[2010/11/20 09:33:46 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2011/04/09 02:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2010/06/19 02:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[2011/04/09 03:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- C:\Windows\SysWOW64\ntoskrnl.exe
[2011/04/09 03:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[2010/10/27 01:18:36 | 005,510,528 | ---- | M] (Microsoft Corporation) MD5=E2EA143288BFF3D6B3AEB88C3BC02DAF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[2010/10/27 01:23:11 | 005,477,248 | ---- | M] (Microsoft Corporation) MD5=E6FC5686F6BB6F0CEB1107E6D064A944 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A --
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A --
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 --
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: UXTHEME.DLL >
[2009/07/13 21:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- C:\Windows\SysWOW64\uxtheme.dll
[2009/07/13 21:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll
[2009/07/13 21:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\SysWOW64\uxtheme.dll
[2009/07/13 21:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll

< MD5 for: VOLSNAP.SYS >
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 --
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 --
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 --
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/06/26 02:50:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/06/25 18:23:52 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/17 07:54:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/10 18:20:42 | 000,000,020 | -H-- | M] () -- C:\Medion.ini
[2009/09/17 07:54:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/25 18:23:56 | 4293,320,704 | -HS- | M] () -- C:\pagefile.sys
[2009/07/10 18:13:50 | 000,000,058 | -H-- | M] () -- C:\Partition.txt
[2009/08/01 08:16:42 | 000,000,039 | -H-- | M] () -- C:\pdfinfo.ini
[2008/03/21 02:53:14 | 000,000,477 | -H-- | M] () -- C:\RHDSetup.log
[2011/06/24 03:05:47 | 000,000,357 | ---- | M] () -- C:\rkill.log
[2011/06/23 07:11:54 | 000,001,365 | ---- | M] () -- C:\text.txt
[2010/03/19 19:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
[2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
< End of report >
  • 0

#4
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,020 posts
You may be right. There is nothing in that log that may prevent you from booting safely. The boot sector should be fine as it seems to call upon the boot manager. The only thing I may be looking at is the BCD store.

Did you try a system restore within the Repair Console? I am putting the log above out of the public eye and moving the topic.
  • 0

#5
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts
Unfortunately I do not have any restore points.

I have tried the Start-Up repair but that didn't report any issue.

To perform a repair install I must be logged into Windows and I can't. :unsure:

I am currently on the copy of Windows I installed on the other drive.

Reinstalling = a lot of work :)
  • 0

#6
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,020 posts
I am sure it is a lot of work. Run chkdsk. If that won't help, try to rebuild the BCD store. The only issue with repairing the BCD store is that you will lose the access to the "Repair my computer" option in the advanced menu. If, however, you have a Recovery CD with this option, I would recommend you do so.

This is how it is done:

Boot to the Repair Console and select the Command prompt.

At the prompt type the following and press Enter after each line.

CHKDSK C: /R

This command will take a considerable amount of time (at least one hour). If it takes more than two hours, then you may have bad sectors on the hard drive.

Once done, test to see if you are able to boot. I would also recommend you remove all peripherals from the computer during this process.

If that won't work, then try to rebuild the BCD as follows:

Boot with the CD, Select Repair your Computer and bring the computer to a command prompt. At the prompt type the following and press Enter:

BCDEdit /export c:\bcd_backup

Leave a space between the following arguments:

BCDEdit
/export
c:\bcd_backup


This command should be successful before continuing. It is always important to back up the BCD before rebuilding the store. If successful, at the prompt type the following and press Enter after each line:

Line 1

Attrib -r -s -h C:\boot\bcd

Leave a space between the following arguments:

Attrib
-r
-s
-h
C:\boot\bcd


Line 2

Ren C:\boot\bcd bcd.old

Leave a space between the following arguments:

Ren
C:\boot\bcd
bcd.old


Line 3

bootrec /rebuildbcd

Leave a space between the following arguments:

bootrec
/rebuildbcd



The computer will be scanned, and once the installation is detected a dialog box will appear asking if you want to add the installation to the boot list. Select Yes (Y).

If successful, restart the computer and test.
  • 0

#7
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts

The only issue with repairing the BCD store is that you will lose the access to the "Repair my computer" option in the advanced menu. If, however, you have a Recovery CD with this option, I would recommend you do so.


I'll use my Windows disk to access the cmd.

I have another repair disk, the one you create from Windows, that will bring up the advanced menu only.

Which to use?
  • 0

#8
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,020 posts
The Repair Disk will do.
  • 0

#9
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts
That was worth trying.

No luck :)
  • 0

#10
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,020 posts
Boot to the OTLPE CD again. On the Reatogo desktop there is an icon for MBRFix. Double-click on it and a command window will be displayed. At the prompt type the following and press Enter after each line:

Copy MBRFix.exe C:\
C:
cd \
MBRFix /Drive 0 savembr MBRDUMP.txt


The drive is drive zero (/Drive 0)

A MBRDUMP.txt file will be created in the C:\ folder. Attach that file to a reply.

Type Exit to return to the desktop.

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to None
    • Change Standard Registry to None
    • Under the Custom Scan box paste this in



      /md5start
      wininit.exe
      winload.exe
      /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

  • 0
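MBRDUMP.txt from the savembr step is a raw disk sector, not text, so it looks like unreadable characters when opened in an editor or pasted into a reply. The Python below is an added example (not part of the thread and not MbrFix's own code), assuming the file holds the raw 512-byte sector of a BIOS/MBR disk; it checks the boot signature and partition table and lists the loader's message strings, and the sample sector in it is constructed.

```python
import hashlib
import re
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot loader code
DISK_SIG_OFF = 440       # 4-byte disk signature Windows uses to identify the disk
TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

TYPE_NAMES = {0x00: "empty", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode the fixed-layout fields of one raw MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
                      "lba_start": start, "sectors": count,
                      "size_mib": count * 512 // 2**20})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "disk_signature": f"{struct.unpack_from('<I', sector, DISK_SIG_OFF)[0]:08X}",
            # Hash of the loader code, for comparison with a dump from a known-good install
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def findings(mbr: dict) -> list:
    """Structural problems that would stop a BIOS/MBR disk from booting."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("boot signature 0x55AA missing")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    active = [p for p in used if p["active"]]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {len(active)}")
    prev_end = 0
    for p in sorted(used, key=lambda q: q["lba_start"]):
        if p["lba_start"] == 0 or p["sectors"] == 0:
            issues.append(f"entry {p['index']}: zero start or length")
        elif p["lba_start"] < prev_end:
            issues.append(f"entry {p['index']}: overlaps the previous partition")
        prev_end = max(prev_end, p["lba_start"] + p["sectors"])
    return issues


def boot_messages(sector: bytes) -> list:
    """Printable ASCII runs in the boot code: the only readable part of a pasted dump."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{8,}", sector[:BOOT_CODE_LEN])]


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not the poster's disk): two NTFS partitions, first one active."""
    def entry(status, ptype, start, count):
        return struct.pack(ENTRY_FMT, status, ptype, start, count)

    code = bytearray(BOOT_CODE_LEN)
    msgs = (b"Invalid partition table\x00Error loading operating system\x00"
            b"Missing operating system\x00")
    code[0x163:0x163 + len(msgs)] = msgs
    table = entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x07, 206848, 4096000) + bytes(32)
    return bytes(code) + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + BOOT_SIG


if __name__ == "__main__":
    import sys
    # Pass the path of the saved dump as the first argument; without one the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    mbr = parse_mbr(data)
    print("disk signature :", mbr["disk_signature"])
    print("boot code hash :", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        if p["type"]:
            flag = "active" if p["active"] else "      "
            print(f"  #{p['index']} {flag} {p['type_name']:<14} "
                  f"start={p['lba_start']} size={p['size_mib']} MiB")
    print("loader strings :", boot_messages(data))
    print("findings       :", findings(mbr) or "none")
```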

#11
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts
I ran into a problem within OTLPE: my keyboard keys weren't correct. For example, if I hit the "0" key I would get \
P gets me *, etc...

The MBRDump.txt is pretty much odd; here is the log:

3м |ؾ |  Ph ~ | V UFF AU]rUu  tFf`~ t&fh fvh h |h h BV  |V vNnfasNu ~  U2V ]랁>}Uunv ud `| du f#u;fTCPAu2r,fh fh  fh fSfSfUfh fh | fah Z2 | 2 < t  +d $$Invalid partition table Error loading operating system Missing operating system c{
u ! '    h  p 0  p$ pq U


This is OTL

OTL logfile created on: 6/27/2011 1:31:00 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144.04 Gb Total Space | 66.48 Gb Free Space | 46.16% Space Free | Partition Type: NTFS
Drive D: | 137.50 Gb Total Space | 95.27 Gb Free Space | 69.29% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 08:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 08:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/22 15:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 01:05:56 | 000,123,904 | ---- | C] (Systemintegrasjon AS) -- C:\MbrFix.exe
[2011/06/25 03:13:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/25 02:43:08 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{111D29D6-0C3F-407B-9B77-B68560D8EEA2}
[2011/06/24 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{C7CE4D42-CCC5-49F3-9616-48131CDFAECD}
[2011/06/24 01:39:06 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{F0CEAAAB-EE74-47AA-9B9E-88718E71BFCF}
[2011/06/23 05:30:39 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{802D9F52-09CE-4C33-A84F-FEC1FFDA035E}
[2011/06/22 15:27:59 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\.minecraft
[2011/06/22 14:50:47 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{B2B38398-5C89-48C9-9CDA-AC7FE0C51660}
[2011/06/22 02:50:18 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{466E16D8-3CF0-40C3-99B7-F987E091EB94}
[2011/06/21 05:43:41 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{D0A76B44-0ED0-4C90-AE79-6E8E00837ABF}
[2011/06/20 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{E0249EE9-8BED-42C0-A72C-ADD570A60442}
[2011/06/20 05:00:38 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{E3A2A432-FFE3-484D-9E1B-6BBC65C84FE5}
[2011/06/19 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{AEAF72D9-A53B-4E86-8F76-7E7699120506}
[2011/06/19 12:51:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/19 02:50:35 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{DE14CB7C-083A-4C59-8178-6E673BE50BC3}
[2011/06/18 06:45:26 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{42BCF302-20A2-4F5E-B217-5AFA792FAFD5}
[2011/06/17 15:45:56 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{9055E700-3BBA-4811-8BB7-21EB41E52818}
[2011/06/17 01:58:50 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{3696A8F8-B16A-4295-B7DC-3819817614D8}
[2011/06/17 01:46:58 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Apple Computer
[2011/06/16 14:47:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/06/16 14:47:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/16 14:47:04 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/16 14:47:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/16 14:47:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/16 14:47:03 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/16 14:47:03 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/16 14:47:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/16 12:52:59 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\vlc
[2011/06/16 06:47:11 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2011/06/16 05:12:08 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{35BE9668-C46C-4269-9696-EE13011C7C8B}
[2011/06/15 17:11:42 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{B347DFBA-4982-4007-AAEE-04D3F339A976}
[2011/06/15 05:35:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\aliB\Desktop\OTL.exe
[2011/06/15 05:11:17 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{6C64933D-248A-4E33-BA94-52BB029E4DE4}
[2011/06/14 15:04:36 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{344B8F66-A45F-4C9B-B3CC-B0673B0B0673}
[2011/06/14 04:41:33 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{77A1ADED-34B1-411C-A289-99421C175169}
[2011/06/13 14:52:22 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{211DAC36-7A48-4AE1-9B19-E3B8186BCA50}
[2011/06/13 00:24:34 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{02D80BBB-AA81-4FB3-91F9-D0E40FBFBD9D}
[2011/06/12 14:27:43 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{220613A3-3A0F-4455-91D1-57603F6ABE23}
[2011/06/12 02:27:30 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{F14ACB8A-7079-4B0D-AA01-6A4BB511DC80}
[2011/06/11 02:27:02 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{1770ACBB-CDD3-4C58-88C3-CE58BEF00A79}
[2011/06/10 14:26:26 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{F82F2D57-F355-43C1-94D4-987189514D8A}
[2011/06/09 23:39:51 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{6E5DC6AC-0EFC-4A6A-9201-FFA44467C6B5}
[2011/06/09 04:59:37 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{6FDAE5AC-9E4D-4507-B80A-BE77525E498C}
[2011/06/08 05:26:13 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{D0F0C78D-94BB-4A10-853B-D2ADD1CD2F8D}
[2011/06/07 15:00:48 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{085DE207-AF44-4DDD-B5D7-33FFD5FD6C9D}
[2011/06/07 05:22:09 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{EA964CF9-F429-409C-9815-6EE445AE97E2}
[2011/06/06 05:46:00 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{5DC92D67-230A-48EC-B1BC-CA14510D82B7}
[2011/06/05 15:45:45 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{1A475898-8775-42E0-86F7-7CFDBA7A4F74}
[2011/06/05 12:59:35 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{7FDBE12E-6543-4842-89C7-2DBC486AC114}
[2011/06/05 06:34:22 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{197F0DB9-A0F9-4F85-952C-E0DFE5ED462B}
[2011/06/05 04:04:44 | 000,000,000 | ---D | C] -- C:\Users\aliB\Documents\Command & Conquer 3 Tiberium Wars
[2011/06/04 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{B87B1E0F-FA22-48B5-86EC-A00D73E83201}
[2011/06/04 08:36:16 | 000,000,000 | ---D | C] -- C:\Users\Guest\Documents\Command & Conquer 3 Tiberium Wars
[2011/06/04 08:33:14 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/06/04 03:52:28 | 000,000,000 | ---D | C] -- C:\Users\aliB\Documents\Command & Conquer 3 Kane's Wrath
[2011/06/04 02:29:55 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{1023CCD6-E01F-4A99-B607-ACF888406214}
[2011/06/03 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{45498ECF-95C9-4471-8A83-4A5A8C770AAC}
[2011/06/03 13:20:55 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{CF56FF2C-0048-4A3B-8BD4-C3A7381837DA}
[2011/06/03 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/03 05:27:03 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011/06/03 05:08:57 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/06/03 01:20:24 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{350FAAFA-D3D1-4EC3-A472-407D09BE5CB9}
[2011/06/02 05:39:44 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{0A51989C-8295-493C-93E1-AEE46F7D094E}
[2011/06/01 05:42:11 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{15E0B1CD-FE7C-4E6E-B4F0-BFAB9CBEE2C6}
[2011/05/31 05:45:31 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{5777E63C-422E-4CC1-8B32-FA4C69D32DB2}
[2011/05/31 03:41:44 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011/05/30 05:30:42 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{FFC42981-0865-4A38-BFD0-8BA8C4CBC751}
[2011/05/29 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{94FC5207-5A17-414E-A298-A9B61D568957}
[2011/05/29 03:02:58 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{4FBF60C5-364B-46F0-8A48-6DCC96EBDD71}
[2011/05/28 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{52409D8E-9D76-4605-905F-6C1A99E439E3}
[2011/05/28 05:19:18 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Roaming\vlc
[2011/05/28 05:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/28 03:01:44 | 000,000,000 | ---D | C] -- C:\Users\aliB\AppData\Local\{5733A6CA-A3FF-4A51-8A99-CC1E6B036C1E}

========== Files - Modified Within 30 Days ==========

[2011/06/27 02:15:24 | 000,040,960 | ---- | M] () -- C:\bcd_backup
[2011/06/26 15:22:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 15:19:54 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 02:50:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/25 06:27:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/06/25 03:40:11 | 000,002,024 | ---- | M] () -- C:\Users\aliB\Desktop\Mozilla Firefox.lnk
[2011/06/25 02:24:06 | 000,017,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 02:24:06 | 000,017,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 02:23:55 | 000,690,196 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/06/25 02:23:55 | 000,662,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/25 02:23:55 | 000,479,050 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/06/25 02:23:55 | 000,129,726 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/06/25 02:23:55 | 000,121,976 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/25 02:23:55 | 000,094,572 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/06/19 12:51:51 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/16 15:11:45 | 000,417,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/16 14:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/16 14:45:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/06/15 05:35:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\aliB\Desktop\OTL.exe
[2011/06/06 10:20:00 | 002,073,497 | ---- | M] () -- C:\Users\aliB\Documents\logic reports.zip
[2011/05/28 05:19:07 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/28 05:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/28 05:03:47 | 020,533,281 | ---- | M] () -- C:\Users\aliB\Desktop\vlc-1.1.9-win32.exe

========== Files Created - No Company Name ==========

[2011/06/27 02:15:24 | 000,040,960 | ---- | C] () -- C:\bcd_backup
[2011/06/25 03:40:11 | 000,002,024 | ---- | C] () -- C:\Users\aliB\Desktop\Mozilla Firefox.lnk
[2011/06/06 10:20:00 | 002,073,497 | ---- | C] () -- C:\Users\aliB\Documents\logic reports.zip
[2011/06/03 04:53:38 | 164,254,690 | ---- | C] () -- C:\Users\aliB\Desktop\EN_2601_2602_Patch.exe
[2011/05/28 05:19:07 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/28 04:55:46 | 020,533,281 | ---- | C] () -- C:\Users\aliB\Desktop\vlc-1.1.9-win32.exe
[2011/04/27 17:09:22 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX8300ERUkAr.ini
[2011/04/15 07:04:30 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/05 09:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/04/04 12:36:44 | 000,000,019 | ---- | C] () -- C:\Windows\CLOSEAPP.INI
[2011/01/13 06:20:21 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/11/08 08:50:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/01 08:38:48 | 002,195,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 17:28:52 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/05/08 04:11:17 | 000,010,147 | ---- | C] () -- C:\Users\aliB\AppData\Local\Tempnod.jpg

========== LOP Check ==========

[2011/06/22 15:27:59 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\.minecraft
[2011/06/03 06:24:24 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011/06/05 04:04:08 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/04/01 15:18:33 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\DAEMON Tools Lite
[2011/04/30 02:52:31 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\GetRightToGo
[2011/04/30 02:53:16 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\iPhone Tool Kits
[2011/01/28 15:49:57 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Red Alert 3
[2011/01/19 05:48:04 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\SystemRequirementsLab
[2010/11/10 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\TeamViewer
[2011/04/09 02:26:21 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Thinstall
[2011/05/27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\Tunngle
[2011/05/24 11:48:45 | 000,000,000 | ---D | M] -- C:\Users\aliB\AppData\Roaming\uTorrent
[2011/06/04 08:33:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/04/02 12:33:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools Lite
[2011/06/16 14:42:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/04/03 04:50:29 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare
[2011/04/01 15:13:08 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/01/13 06:26:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/04/27 17:19:23 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/04/17 11:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\FNET
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/27 07:31:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2011/04/17 04:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/14 15:04:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOAD.EXE >
[2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16757_none_c55000c1a6617837\winload.exe
[2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66\winload.exe
[2011/02/05 08:40:06 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=1814099E8025B579C57279AD3F1A7931 -- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.21655_none_c7bdf9febca7513f\winload.exe
[2011/02/05 08:40:06 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=1814099E8025B579C57279AD3F1A7931 -- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e\winload.exe
[2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A --
[2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A --
[2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A -- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17556_none_c7355d7da388cacc\winload.exe
[2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A -- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb\winload.exe
[2011/02/05 08:30:30 | 000,605,040 | ---- | M] (Microsoft Corporation) MD5=8139738658C31621541293085A94681D -- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.20897_none_c5ae5ddcbf9f87c5\winload.exe
[2011/02/05 08:30:30 | 000,605,040 | ---- | M] (Microsoft Corporation) MD5=8139738658C31621541293085A94681D -- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4\winload.exe
[2009/07/13 21:43:15 | 000,604,192 | ---- | M] (Microsoft Corporation) MD5=87B2086D7382A42935D55EC69E5E71AB -- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16385_none_c52d88d1a67ba4c0\winload.exe
[2009/07/13 21:43:15 | 000,604,192 | ---- | M] (Microsoft Corporation) MD5=87B2086D7382A42935D55EC69E5E71AB -- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef\winload.exe
[2010/11/20 09:28:59 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=E2F68DC7FBD6E0BF031CA3809A739346 -- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe
[2010/11/20 09:28:59 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=E2F68DC7FBD6E0BF031CA3809A739346 -- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89\winload.exe
< End of report >

#12
JSntgRvr

    Global Moderator

  • 11,020 posts
Attach the MBRDUMP instead.

#13
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts
Here it is.

Attached Files



#14
JSntgRvr

    Global Moderator

  • 11,020 posts
I am not getting the report I need from OTLPE.

Download the enclosed folder.

Attached File: Query.zip (229 bytes, 115 downloads)

Save and extract its contents to the USB drive. It is a batch file. Insert the USB drive and boot to the OTLPE CD. Locate query.bat on the USB drive and double-click it. It should produce a Report.txt next to the batch file. Post its contents in your next reply.

#15
ali.B

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,086 posts
Volume in drive C is ACER
Volume Serial Number is 9E1F-60F9

Directory of C:\windows\System32

02/05/2011 01:06 PM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\System32\Boot

02/05/2011 01:06 PM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16385_none_c52d88d1a67ba4c0

07/13/2009 09:43 PM 604,192 winload.exe
1 File(s) 604,192 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16757_none_c55000c1a6617837

02/05/2011 08:39 AM 603,976 winload.exe
1 File(s) 603,976 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.20897_none_c5ae5ddcbf9f87c5

02/05/2011 08:30 AM 605,040 winload.exe
1 File(s) 605,040 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a

11/20/2010 09:28 AM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17556_none_c7355d7da388cacc

02/05/2011 01:06 PM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.21655_none_c7bdf9febca7513f

02/05/2011 08:40 AM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef

07/13/2009 09:43 PM 604,192 winload.exe
1 File(s) 604,192 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66

02/05/2011 08:39 AM 603,976 winload.exe
1 File(s) 603,976 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4

02/05/2011 08:30 AM 605,040 winload.exe
1 File(s) 605,040 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89

11/20/2010 09:28 AM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb

02/05/2011 01:06 PM 605,552 winload.exe
1 File(s) 605,552 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e

02/05/2011 08:40 AM 605,552 winload.exe
1 File(s) 605,552 bytes

Total Files Listed:
14 File(s) 8,470,832 bytes
0 Dir(s) 71,387,758,592 bytes free
Volume in drive C is ACER
Volume Serial Number is 9E1F-60F9

Directory of C:\windows\System32

07/13/2009 09:39 PM 129,024 wininit.exe
1 File(s) 129,024 bytes

Directory of C:\windows\SysWOW64

07/13/2009 09:14 PM 96,256 wininit.exe
1 File(s) 96,256 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49

07/13/2009 09:39 PM 129,024 wininit.exe
1 File(s) 129,024 bytes

Directory of C:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13

07/13/2009 09:14 PM 96,256 wininit.exe
1 File(s) 96,256 bytes

Total Files Listed:
4 File(s) 450,560 bytes
0 Dir(s) 71,387,754,496 bytes free
Volume in drive C is ACER
Volume Serial Number is 9E1F-60F9

Directory of C:\windows\System32

11/20/2010 09:25 AM 390,656 winlogon.exe
1 File(s) 390,656 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c

07/13/2009 09:39 PM 389,120 winlogon.exe
1 File(s) 389,120 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad

10/28/2009 02:24 AM 389,632 winlogon.exe
1 File(s) 389,632 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8

10/28/2009 03:01 AM 389,632 winlogon.exe
1 File(s) 389,632 bytes

Directory of C:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636

11/20/2010 09:25 AM 390,656 winlogon.exe
1 File(s) 390,656 bytes

Total Files Listed:
5 File(s) 1,949,696 bytes
0 Dir(s) 71,387,754,496 bytes free