Privacy Protection & System Restore Virus [Solved]


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It can be a bit confusing if you have never used it before

#17
Stv73


    Member

  • Topic Starter
  • 30 posts
Alright. The Dr. Web Scanner ran for 13 hours! It listed each file as it was scanned, most followed with an "Ok". By some amazing coincidence, I came back to check on it after hours just in time to see that the green splash screen had returned, the CD drive popped open on its own and the system shut down. I hope this is how it exits after a completed scan?

I booted into normal Windows with no Safe Mode or anything. No shut downs so far (about an hour), and Firefox isn't losing its default status anymore (it asked to be set to default the first time I opened it, but maybe its default status was lost before the scan). However, half my Start Menu is still missing. I'm not talking about shortcuts (those were restored with an earlier utility you had me use). I'm talking about the options under "Computer", etc. Perhaps this was also a one-shot change the malware pulled off before.

Here is a fresh OTL scan with the same custom scan as last time:

OTL logfile created on: 11/25/2011 4:28:34 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 65.38% Memory free
7.99 Gb Paging File | 6.14 Gb Available in Paging File | 76.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 198.69 Gb Free Space | 43.86% Space Free | Partition Type: NTFS

Computer Name: HONOR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 12:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 18:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/04 00:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/04 00:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 13:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/24 20:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 20:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008/12/30 10:19:14 | 000,109,136 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
PRC - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipalsm.exe
PRC - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/11 12:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 12:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/08 19:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/05/20 17:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/10/13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/08/24 13:57:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/08/24 13:57:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 08:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/29 11:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/02/05 22:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/05 01:55:06 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/13 03:57:13 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 13:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/26 10:49:18 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008/10/31 13:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nipxirmu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (ni488enumsvc)
SRV - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/11 12:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 12:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 12:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 12:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 11:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 09:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 09:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/24 13:57:38 | 000,529,000 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,441,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/08/24 13:57:38 | 000,283,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,094,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/24 13:57:38 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/07/12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/01 19:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/29 11:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 10:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 09:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/01 21:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/10/16 05:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/21 12:58:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2009/06/21 12:58:06 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/17 14:26:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2009/06/17 10:35:48 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2009/06/17 00:15:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2009/06/16 23:05:24 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2009/06/14 14:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:02:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/28 21:16:50 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2009/05/28 21:16:44 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2009/05/28 21:15:32 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2009/05/28 21:14:48 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2009/05/28 21:13:54 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2009/05/28 21:11:18 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2009/05/28 21:11:12 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2009/05/28 21:11:06 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2009/05/26 19:35:44 | 000,012,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2009/05/26 19:34:42 | 000,883,288 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2009/05/26 19:33:28 | 000,012,920 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/01 14:31:02 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2009/04/01 14:16:54 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2009/03/30 12:59:00 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2009/03/30 12:58:50 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2009/03/05 15:16:10 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViFWKl.sys -- (NiViFWK)
DRV:64bit: - [2009/02/05 21:32:20 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2009/02/05 21:32:16 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2009/01/05 08:28:30 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2009/01/05 08:28:28 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2009/01/02 16:54:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2009/01/02 16:40:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2009/01/02 16:37:02 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2009/01/02 16:02:10 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2008/12/29 17:24:58 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2008/12/29 17:17:34 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2008/12/05 15:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/11/24 00:41:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2008/10/21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/08/21 20:04:58 | 000,016,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2008/07/28 14:08:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2008/06/25 11:02:26 | 000,022,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2008/06/13 13:51:10 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2008/06/13 13:50:42 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2008/06/13 13:49:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2007/03/15 14:05:04 | 000,032,768 | ---- | M] (BIOPAC Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mp35usb.sys -- (MP35USB)
DRV:64bit: - [2007/02/26 11:40:46 | 000,017,696 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni488lock.sys -- (ni488lock)
DRV - [2010/08/19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/10/18 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48z155t4551o616
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48z155t4551o616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48z155t4551o616
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/13 23:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 22:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/07 15:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/01 20:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ikq4y6cr.default\extensions
[2011/07/09 00:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/09 00:06:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/22 15:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 22:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 23:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 16:06:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/07 04:20:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/13 23:10:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/09/30 15:21:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/23 09:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 17:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/06/23 18:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/09/17 01:26:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3B00ED-3938-4F4E-AD76-8ED6004628A2}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 16:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/13 22:57:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2011/11/08 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/08 16:21:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 01:01:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2011/11/08 01:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 01:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 01:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/08 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/07 23:55:41 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/07 16:27:58 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
[2011/11/05 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mlclass-ex1
[2011/11/03 03:35:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\filter bank project
[2011/11/03 03:33:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\filing system template
[2011/11/01 22:24:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\ml-class
[2011/10/29 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\tomima
[2011/10/27 19:22:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{92A2B99C-77CD-46CD-86F6-DF5C52580C85}
[2011/10/26 23:44:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\cam
[2010/05/13 07:18:52 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 16:33:19 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 16:33:19 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 16:25:15 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/11/25 16:24:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 16:24:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 16:24:00 | 3219,771,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 16:52:09 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2011/11/13 23:24:32 | 270,026,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 16:21:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 16:09:59 | 001,008,092 | ---- | M] () -- C:\Users\Steve\Desktop\7k34v9.com.com
[2011/11/08 06:02:42 | 000,852,777 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | M] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 05:43:26 | 000,888,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 05:43:26 | 000,737,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 05:43:26 | 000,151,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 01:00:55 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 00:10:39 | 000,000,685 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/08 00:10:39 | 000,000,661 | ---- | M] () -- C:\Users\Steve\Desktop\System Restore.lnk
[2011/11/08 00:07:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 16:27:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
[2011/11/06 02:00:34 | 000,000,727 | ---- | M] () -- C:\Users\Steve\.octave_hist
[2011/11/06 01:55:37 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/11/05 20:29:59 | 000,517,350 | ---- | M] () -- C:\Users\Steve\Desktop\ex1.pdf
[2011/11/05 01:46:16 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/11/02 02:00:58 | 000,038,533 | ---- | M] () -- C:\Users\Steve\.recently-used.xbel
[2011/10/31 05:28:57 | 000,149,504 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\SharedSettings.ccs
[2011/10/30 02:54:05 | 000,093,500 | ---- | M] () -- C:\Users\Steve\Desktop\urgent-ultrascratch.png
[2011/10/30 02:46:34 | 000,132,449 | ---- | M] () -- C:\Users\Steve\Desktop\urgent-scratch2.png
[2011/10/29 22:31:16 | 000,124,161 | ---- | M] () -- C:\Users\Steve\Desktop\urgent-scratch.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/19 16:52:09 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011/11/13 22:58:21 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2011/11/13 22:58:21 | 000,002,622 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2011/11/13 22:58:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/13 22:58:21 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Vanguard.lnk
[2011/11/13 22:58:21 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/13 22:58:20 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/11/13 22:58:20 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2011/11/13 22:58:20 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\BSL Lessons 3.7.lnk
[2011/11/13 22:58:20 | 000,002,312 | ---- | C] () -- C:\Users\Public\Desktop\BSL PRO 3.7 .lnk
[2011/11/13 22:58:20 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/11/13 22:58:20 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2011/11/13 22:58:20 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/11/13 22:58:20 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/11/13 22:58:20 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/11/13 22:58:20 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Octave-3.2.4.lnk
[2011/11/13 22:58:20 | 000,001,323 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/11/13 22:58:20 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/11/13 22:58:20 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 22:58:20 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2011/11/13 22:58:20 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/11/13 22:58:20 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2011/11/13 22:58:20 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk
[2011/11/13 22:58:19 | 000,002,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/13 22:58:19 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/13 22:58:19 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 22:58:19 | 000,001,422 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/13 22:58:19 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/13 22:58:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 22:58:19 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/13 22:58:19 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 22:58:19 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 22:58:18 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 22:58:17 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 22:58:15 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 8.5.lnk
[2011/11/13 22:58:13 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/13 22:58:13 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/13 22:58:13 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 22:58:11 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/11/13 22:58:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 22:58:10 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2011/11/13 22:58:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/13 22:58:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/13 22:58:05 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/11/08 16:18:39 | 001,008,092 | ---- | C] () -- C:\Users\Steve\Desktop\7k34v9.com.com
[2011/11/08 06:02:42 | 000,852,777 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | C] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 01:00:55 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 00:10:39 | 000,000,685 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/08 00:10:39 | 000,000,661 | ---- | C] () -- C:\Users\Steve\Desktop\System Restore.lnk
[2011/11/02 02:00:58 | 000,038,533 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2011/10/30 00:25:19 | 000,132,449 | ---- | C] () -- C:\Users\Steve\Desktop\urgent-scratch2.png
[2011/10/29 22:24:52 | 000,124,161 | ---- | C] () -- C:\Users\Steve\Desktop\urgent-scratch.png
[2011/10/29 22:16:46 | 000,093,500 | ---- | C] () -- C:\Users\Steve\Desktop\urgent-ultrascratch.png
[2011/03/04 02:07:33 | 000,149,504 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\SharedSettings.ccs
[2010/11/25 01:30:35 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/26 02:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/15 18:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nidmfpan.ini
[2010/09/17 13:34:48 | 000,000,069 | ---- | C] () -- C:\Windows\pxisys.ini
[2010/09/17 13:34:48 | 000,000,030 | ---- | C] () -- C:\Windows\pxiesys.ini
[2010/09/03 17:27:02 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/03 17:27:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/03 17:26:34 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/03 17:26:33 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/03 17:26:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/03 17:26:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/03 17:25:41 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/31 17:04:48 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2010/08/31 17:01:48 | 000,882,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/26 23:59:43 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/26 23:59:27 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/26 23:59:27 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/13 08:00:36 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/13 07:59:42 | 000,001,614 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/13 07:29:46 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/13 07:18:52 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/05/13 07:18:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/13 07:18:52 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/05/13 07:18:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/05/13 07:18:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/13 07:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/13 04:16:14 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/04/13 04:16:14 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/13 04:16:14 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/07 17:20:24 | 000,050,208 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2009/01/05 08:28:12 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
[2005/10/18 09:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys

========== Custom Scans ==========


< %temp%\smtmp\*.* /s >
[2009/07/14 00:01:14 | 000,001,282 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/07/14 00:01:14 | 000,000,442 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\desktop.ini
[2010/10/02 23:20:07 | 000,002,012 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Vanguard - Saga of Heroes.lnk
[2009/07/13 23:49:40 | 000,001,266 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Windows Update.lnk
[2011/04/12 22:35:34 | 000,002,217 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\WinZip.lnk
[2010/04/13 03:54:36 | 000,001,011 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acrobat.com.lnk
[2011/06/08 22:24:06 | 000,002,441 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader X.lnk
[2010/09/22 23:54:28 | 000,002,519 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2011/04/22 02:02:17 | 000,001,748 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
[2010/11/29 23:41:03 | 000,001,035 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Inkscape.lnk
[2010/04/13 03:46:05 | 000,001,345 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
[2010/05/13 07:28:36 | 000,002,557 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2010/08/27 03:49:19 | 000,001,151 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2011/05/07 00:30:25 | 000,001,114 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2011/08/03 17:12:33 | 000,002,062 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Mozilla Thunderbird.lnk
[2010/09/17 12:15:01 | 000,001,070 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments LabVIEW 8.5.lnk
[2009/07/13 23:57:08 | 000,001,330 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
[2009/07/13 23:57:09 | 000,001,352 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
[2010/04/13 03:46:01 | 000,001,326 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
[2009/07/13 23:54:59 | 000,001,210 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
[2011/04/22 02:01:31 | 000,001,422 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Live Mail.lnk
[2011/04/22 02:01:48 | 000,002,450 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk
[2011/04/22 02:02:00 | 000,001,269 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Live Movie Maker.lnk
[2011/04/22 02:02:17 | 000,001,338 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
[2010/10/13 15:46:00 | 000,001,547 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
[2009/07/13 23:57:08 | 000,001,246 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
[2010/09/03 22:41:04 | 000,001,899 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Bluetooth File Transfer Wizard.lnk
[2009/07/13 23:55:00 | 000,001,230 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/09/03 22:41:04 | 000,001,876 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
[2009/07/13 23:54:23 | 000,001,266 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
[2010/04/13 03:46:10 | 000,001,364 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
[2009/07/27 14:44:29 | 000,001,238 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
[2009/07/13 23:54:32 | 000,001,242 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2009/07/13 23:53:55 | 000,001,367 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2010/04/13 03:46:05 | 000,001,272 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
[2009/07/13 23:57:08 | 000,001,330 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
[2010/04/13 03:46:07 | 000,001,351 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
[2009/07/13 23:54:58 | 000,001,254 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
[2009/07/13 23:57:09 | 000,001,579 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
[2009/07/13 23:54:58 | 000,001,322 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
[2009/07/13 23:57:07 | 000,000,370 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
[2009/07/13 23:57:07 | 000,001,388 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
[2011/03/22 19:51:24 | 000,002,198 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\The Lord of the Rings Online.lnk
[2009/07/13 23:55:00 | 000,001,248 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2009/07/13 23:57:09 | 000,001,338 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
[2009/07/13 23:54:25 | 000,001,290 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
[2009/07/13 23:54:58 | 000,001,252 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2009/07/13 23:53:50 | 000,001,242 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
[2009/07/13 23:53:33 | 000,001,250 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2009/07/13 23:54:57 | 000,001,246 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2009/07/13 23:54:29 | 000,001,268 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
[2009/07/13 23:57:09 | 000,001,320 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
[2009/07/13 23:57:09 | 000,001,316 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
[2010/04/13 03:46:05 | 000,000,343 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
[2010/04/13 03:46:05 | 000,001,436 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
[2010/04/13 03:46:05 | 000,001,386 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
[2010/04/13 03:46:00 | 000,001,316 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
[2009/07/13 23:57:13 | 000,000,216 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
[2009/07/14 00:32:31 | 000,001,989 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
[2009/07/13 23:57:13 | 000,001,468 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
[2009/07/13 23:57:13 | 000,001,468 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
[2009/07/14 00:32:31 | 000,001,899 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
[2010/04/13 04:33:03 | 000,002,287 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer Backup Manager\Acer Backup Manager.lnk
[2010/05/13 07:18:52 | 000,001,520 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer Crystal Eye Webcam\Acer Crystal Eye Webcam.lnk
[2010/05/13 07:18:52 | 000,002,437 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer Crystal Eye Webcam\uninstall.lnk
[2010/04/13 04:40:38 | 000,002,037 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer\Acer eRecovery Management.lnk
[2010/04/13 03:57:24 | 000,000,639 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer\Acer Updater.lnk
[2010/04/13 03:57:18 | 000,000,111 | -H-- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer\desktop.ini
[2010/04/13 03:57:18 | 000,002,147 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer\Identity Card.lnk
[2010/04/13 03:58:43 | 000,002,124 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Acer\Welcome Center.lnk
[2008/04/24 16:31:56 | 000,000,358 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\AcerSystem\AcerSystem User's Guide.lnk
[2008/04/24 17:28:28 | 000,000,337 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\AcerSystem\AcerSystem User's Quick Guide.lnk
[2009/07/13 23:57:13 | 000,001,242 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2009/07/13 23:54:21 | 000,001,294 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2009/07/13 23:53:52 | 000,001,270 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2009/07/13 23:57:13 | 000,001,674 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2009/07/13 23:54:29 | 000,001,298 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2009/07/13 23:54:22 | 000,001,274 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
[2009/07/13 23:53:33 | 000,001,268 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
[2010/08/31 17:01:52 | 000,001,332 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2010/08/31 17:01:52 | 000,001,383 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2009/07/13 23:53:50 | 000,001,232 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
[2009/07/13 23:53:33 | 000,001,246 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
[2009/07/13 23:54:29 | 000,001,262 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
[2009/07/13 23:53:58 | 000,001,274 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
[2009/07/14 00:32:31 | 000,002,741 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
[2011/02/11 15:06:34 | 000,001,931 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\AIM\AIM.lnk
[2011/02/11 15:06:34 | 000,001,060 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\AIM\Uninstall AIM.lnk
[2011/02/11 15:06:34 | 000,000,044 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\AIM\Visit AIM on the Web.url
[2010/12/17 13:34:26 | 000,001,795 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Bamboo\Bamboo Preference File Utility.lnk
[2010/12/17 13:34:26 | 000,001,709 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Bamboo\Bamboo Preferences.lnk
[2010/12/17 13:34:26 | 000,000,305 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Bamboo\desktop.ini
[2010/12/17 13:34:26 | 000,001,657 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Bamboo\Read Me.lnk
[2010/11/11 13:12:26 | 000,002,384 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Biopac Student Lab\BSL 3.7\BSL Lessons 3.7.lnk
[2010/11/11 13:12:27 | 000,002,336 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Biopac Student Lab\BSL 3.7\BSL PRO 3.7 .lnk
[2010/09/03 17:27:03 | 000,002,189 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Brother HL-2170W\Driver Help file.lnk
[2010/09/03 17:27:02 | 000,002,176 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Brother HL-2170W\HL-2170W Interactive Help.lnk
[2010/09/03 17:27:03 | 000,001,930 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Brother HL-2170W\Status Monitor.lnk
[2010/09/03 17:27:02 | 000,002,102 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Brother HL-2170W\UnInstall.lnk
[2010/09/03 17:27:02 | 000,002,038 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Brother HL-2170W\User's Guides in HTML format.lnk
[2010/09/03 17:27:03 | 000,002,190 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Brother HL-2170W\User's Guides in PDF format.lnk
[2010/09/27 15:33:00 | 000,002,152 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Canon\CanoScan Toolbox 4.5\CanoScan Toolbox 4.5.lnk
[2010/09/27 15:33:00 | 000,000,932 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Canon\CanoScan Toolbox 4.5\Read Me.lnk
[2010/09/27 15:33:00 | 000,002,595 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Canon\CanoScan Toolbox 4.5\Uninstall CanoScan Toolbox 4.5.lnk
[2010/11/17 07:06:59 | 000,002,152 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Canon\CanoScan Toolbox 4.9\CanoScan Toolbox 4.9.lnk
[2010/11/17 07:06:59 | 000,000,946 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Canon\CanoScan Toolbox 4.9\Read Me.lnk
[2010/11/17 07:06:59 | 000,002,595 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Canon\CanoScan Toolbox 4.9\Uninstall CanoScan Toolbox 4.9.lnk
[2010/05/13 07:17:15 | 000,002,096 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\CCC - Advanced.lnk
[2010/05/13 07:17:15 | 000,002,090 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\CCC - Wizard.lnk
[2010/05/13 07:17:15 | 000,002,084 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\CCC.lnk
[2010/05/13 07:17:15 | 000,002,098 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\Help.lnk
[2010/05/13 07:17:15 | 000,002,080 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\Restart Runtime.lnk
[2011/03/04 02:07:23 | 000,002,065 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\CoffeeCup Software\CoffeeCup Free FTP.lnk
[2010/05/13 07:22:00 | 000,001,214 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\CyberLink PowerDVD 9\CyberLink PowerDVD 9.lnk
[2010/05/13 07:22:00 | 000,000,368 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\CyberLink PowerDVD 9\desktop.ini
[2010/05/13 07:22:00 | 000,001,142 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\CyberLink PowerDVD 9\Online registration.lnk
[2010/05/13 07:22:00 | 000,001,374 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\CyberLink PowerDVD 9\PowerDVD 9 Help file.lnk
[2010/05/13 07:22:00 | 000,001,357 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\CyberLink PowerDVD 9\Read Me.lnk
[2010/04/13 04:43:55 | 000,002,103 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\EgisTec\Shredder.lnk
[2010/04/13 04:43:10 | 000,002,261 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\EgisTec\MyWinLocker\MyWinLocker.lnk
[2010/04/13 04:43:10 | 000,002,122 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\EgisTec\MyWinLocker\Online Help.lnk
[2010/04/13 03:54:22 | 000,000,042 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\eSobi v2\desktop.ini
[2010/04/13 03:54:22 | 000,002,719 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\eSobi v2\eSobi v2.lnk
[2010/04/13 04:37:54 | 000,002,253 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
[2010/04/13 04:37:54 | 000,002,262 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Blackhawk Striker 2.lnk
[2010/04/13 04:37:54 | 000,002,374 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Bob the Builder Can-Do-Zoo.lnk
[2010/04/13 04:37:54 | 000,002,208 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Build-a-lot 2.lnk
[2010/04/13 03:46:00 | 000,000,352 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
[2010/04/13 04:37:36 | 000,001,434 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Club Penguin.lnk
[2011/04/02 04:37:35 | 000,001,143 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini
[2010/08/31 17:04:17 | 000,000,274 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Dungeons & Dragons Online® Eberron Unlimited™.lnk
[2010/04/13 04:37:54 | 000,002,375 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Escape Rosecliff Island.lnk
[2010/04/13 04:37:54 | 000,002,326 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Faerie Solitaire.lnk
[2010/08/26 23:59:19 | 000,000,852 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Far Cry® 2.lnk
[2010/04/13 04:37:54 | 000,002,254 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\FATE - The Traitor Soul.lnk
[2009/07/13 23:55:00 | 000,000,364 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
[2009/07/13 23:54:59 | 000,000,258 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
[2009/07/13 23:57:12 | 000,000,356 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2010/04/13 03:46:01 | 000,000,474 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2010/04/13 03:46:01 | 000,000,470 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2010/04/13 03:46:00 | 000,000,466 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2010/04/13 04:37:54 | 000,002,312 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Jewel Quest Solitaire 3.lnk
[2010/12/29 17:48:23 | 000,000,202 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Just Cause 2.lnk
[2010/04/13 03:46:01 | 000,000,360 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
[2009/07/13 23:57:12 | 000,000,376 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2010/04/13 04:37:54 | 000,002,163 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Monopoly.lnk
[2010/04/13 04:37:56 | 000,002,453 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Acer Games.lnk
[2010/04/13 04:37:54 | 000,002,464 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Mystery P.I. - Lost in Los Angeles.lnk
[2010/04/13 04:37:54 | 000,002,158 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Penguins!.lnk
[2010/04/13 04:37:54 | 000,002,292 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Plants vs. Zombies.lnk
[2010/04/13 04:37:54 | 000,002,164 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
[2010/04/13 04:37:54 | 000,002,155 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Golfer.lnk
[2009/07/13 23:57:12 | 000,000,378 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
[2010/04/13 04:37:54 | 000,002,229 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Scrabble Plus.lnk
[2009/07/13 23:55:01 | 000,000,368 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2009/07/13 23:57:12 | 000,000,392 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2011/03/22 19:54:51 | 000,000,806 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\The Lord of the Rings Online™.lnk
[2010/04/13 04:37:54 | 000,002,274 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\The Price is Right.lnk
[2010/04/13 04:37:54 | 000,002,277 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Families.lnk
[2010/04/13 04:37:54 | 000,002,403 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers - A New Home.lnk
[2011/04/02 04:37:35 | 000,002,644 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - acer.lnk
[2010/04/13 04:37:54 | 000,002,131 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Yahtzee.lnk
[2010/04/13 04:37:54 | 000,002,146 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Games\Zuma Deluxe.lnk
[2010/11/29 23:31:17 | 000,001,117 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GIMP\GIMP 2.lnk
[2010/11/29 23:31:17 | 000,001,135 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GIMP\Uninstall.lnk
[2011/05/25 01:01:30 | 000,000,807 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\CHANGELOG.lnk
[2011/05/25 01:01:30 | 000,000,822 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\KNOWN_ISSUES.lnk
[2011/05/25 01:01:30 | 000,001,019 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Notepad++.lnk
[2011/05/25 01:01:29 | 000,001,774 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Octave.lnk
[2011/05/25 01:01:30 | 000,000,635 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Uninstall.lnk
[2011/05/25 01:01:29 | 000,000,884 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\WGnuplot.lnk
[2011/05/25 01:01:30 | 000,000,989 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\Gnuplot.lnk
[2011/05/25 01:01:30 | 000,001,183 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\HTML\FAQ.lnk
[2011/05/25 01:01:30 | 000,001,192 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\HTML\Octave C++ API.lnk
[2011/05/25 01:01:30 | 000,001,202 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\HTML\Octave.lnk
[2011/05/25 01:01:30 | 000,001,089 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\PDF\FAQ.lnk
[2011/05/25 01:01:30 | 000,001,084 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\PDF\Octave C++ API.lnk
[2011/05/25 01:01:30 | 000,001,067 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\PDF\Octave.lnk
[2011/05/25 01:01:30 | 000,001,089 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\GNU Octave 3.2.4\Documentation\PDF\Quick Reference Card.lnk
[2009/07/13 23:57:07 | 000,001,304 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
[2009/07/13 23:57:07 | 000,001,248 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
[2009/07/13 23:57:09 | 000,000,606 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
[2009/07/13 23:57:09 | 000,001,212 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
[2011/11/05 01:46:16 | 000,001,850 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\McAfee\McAfee Internet Security Suite.lnk
[2010/04/13 04:27:35 | 000,000,098 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\desktop.ini
[2010/04/13 04:27:35 | 000,001,341 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk
[2010/04/13 04:01:55 | 000,002,655 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2010/04/13 04:01:55 | 000,002,619 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
[2010/04/13 04:01:55 | 000,002,645 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2010/04/13 04:01:55 | 000,002,693 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2010/04/13 04:01:55 | 000,002,647 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2010/04/13 04:01:55 | 000,002,627 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/04/13 04:01:55 | 000,002,527 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2010/04/13 04:01:55 | 000,002,625 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2010/04/13 04:01:55 | 000,002,605 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2011/10/12 02:16:06 | 000,002,231 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2010/09/12 16:20:40 | 000,001,181 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Import and Export Data (64-bit).lnk
[2010/09/12 16:19:55 | 000,000,860 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Configuration Manager.lnk
[2010/09/12 16:20:40 | 000,001,105 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Error and Usage Reporting.lnk
[2010/09/12 16:18:11 | 000,001,362 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Installation Center (64-bit).lnk
[2011/06/15 02:30:31 | 000,001,159 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Visual Studio 2010 Express\Microsoft Visual C++ 2010 Express.lnk
[2010/09/12 16:15:00 | 000,000,200 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Visual Studio 2010 Express\Try Visual Studio 2010 Professional.url
[2010/09/12 16:15:03 | 000,001,902 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Visual Studio 2010 Express\Visual Studio Command Prompt (2010).lnk
[2010/05/13 07:28:19 | 000,002,577 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2010/05/13 07:28:19 | 000,002,597 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2010/05/13 07:28:19 | 000,002,605 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2010/05/13 07:28:19 | 000,002,647 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2010/12/16 03:02:35 | 000,002,629 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2010/08/27 03:49:19 | 000,001,157 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2010/05/13 07:28:19 | 000,002,649 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
[2010/12/16 03:02:35 | 000,002,617 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Works without Ads.lnk
[2010/09/24 12:27:33 | 000,001,114 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\Measurement & Automation.lnk
[2010/09/24 12:45:38 | 000,001,428 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI License Manager.lnk
[2010/09/17 12:28:09 | 000,001,499 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI Registration Wizard.lnk
[2010/09/17 12:43:23 | 000,001,146 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI Spy.lnk
[2010/09/17 12:51:40 | 000,001,198 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\DataSocket\DataSocket Server Help.lnk
[2010/09/17 12:09:29 | 000,001,082 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\DataSocket\DataSocket Server Manager.lnk
[2010/09/17 12:09:29 | 000,001,063 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\DataSocket\DataSocket Server.lnk
[2010/09/24 12:16:41 | 000,001,051 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\IVI\IVI Compliance Package Readme.lnk
[2010/09/24 12:18:05 | 000,001,115 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\IVI\IVI Driver Help.lnk
[2010/09/24 12:16:41 | 000,001,082 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\IVI\Release Notes\IVI Compliance Package Release Notes.lnk
[2010/09/17 12:10:40 | 000,001,166 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW 8.5\LabVIEW Help.lnk
[2010/09/17 12:15:00 | 000,001,058 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW 8.5\LabVIEW Manuals.lnk
[2010/09/17 12:15:01 | 000,001,082 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW 8.5\LabVIEW.lnk
[2010/09/17 12:15:00 | 000,001,053 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW 8.5\Readme.lnk
[2010/09/24 12:57:23 | 000,001,251 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW SignalExpress\Getting Started with LabVIEW SignalExpress.lnk
[2010/09/24 12:57:23 | 000,001,122 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW SignalExpress\LabVIEW SignalExpress 2009.lnk
[2010/09/24 12:57:23 | 000,001,092 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\LabVIEW SignalExpress\Readme.lnk
[2010/09/17 12:27:17 | 000,001,285 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-488.2\Add GPIB-ENET-100 Wizard.lnk
[2010/09/17 12:27:17 | 000,002,327 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-488.2\GPIB Analyzer.lnk
[2010/09/17 12:27:17 | 000,001,246 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-488.2\Interactive Control.lnk
[2010/09/17 12:27:17 | 000,001,279 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-488.2\NI-488.2 Help.lnk
[2010/09/17 12:27:17 | 000,001,290 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-488.2\Troubleshooting Utility.lnk
[2010/09/24 12:39:07 | 000,001,137 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\DAQ Getting Started Guide.lnk
[2010/09/24 12:35:08 | 000,001,591 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\LabVIEW SignalExpress for DAQ.lnk
[2010/09/24 12:44:57 | 000,001,207 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\NI Device Monitor.lnk
[2010/09/24 12:39:07 | 000,001,055 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\NI-DAQ Readme.lnk
[2010/09/24 12:39:07 | 000,001,137 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\NI-DAQmx for NI WLS ENET-9163 Getting Started.lnk
[2010/09/24 12:39:07 | 000,001,137 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\NI-DAQmx for USB Devices Getting Started.lnk
[2010/09/24 12:39:32 | 000,001,142 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\NI-DAQmx Help.lnk
[2010/09/24 12:39:07 | 000,001,142 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\Online DAQ Support.lnk
[2010/09/24 12:39:07 | 000,001,137 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\SCXI Quick Start Guide.lnk
[2010/09/24 12:37:11 | 000,001,604 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\Text-Based Code Support\.NET 2.0 Examples.lnk
[2010/09/24 12:38:46 | 000,001,621 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\Text-Based Code Support\ANSI C Examples.lnk
[2010/09/24 12:37:11 | 000,001,180 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\Text-Based Code Support\NI-DAQmx .NET Framework 2.0 Help.lnk
[2010/09/24 12:38:46 | 000,001,143 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\NI-DAQ\Text-Based Code Support\NI-DAQmx C Reference Help.lnk
[2010/09/17 12:12:10 | 000,001,290 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\Variable Manager\Variable Manager Help.lnk
[2010/09/17 12:12:11 | 000,001,201 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\Variable Manager\Variable Manager.lnk
[2010/09/17 12:28:19 | 000,001,278 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\VISA\Driver Wizard.lnk
[2010/09/17 12:28:19 | 000,001,301 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\VISA\Examples.lnk
[2010/09/17 12:29:17 | 000,001,233 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\VISA\Remote Server.lnk
[2010/09/17 12:28:19 | 000,001,213 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\VISA\VISA Interactive Control.lnk
[2010/09/17 12:28:18 | 000,001,212 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\VISA\Documentation\NI-VISA Help.lnk
[2010/09/24 12:20:33 | 000,001,214 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\National Instruments\VISA\Documentation\NI-VISA Readme.lnk
[2010/09/09 23:08:47 | 000,002,097 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NetBeans\NetBeans IDE 6.9.1.lnk
[2010/04/13 04:41:15 | 000,002,413 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Norton Online Backup\Norton Online Backup.lnk
[2010/04/13 04:30:39 | 000,002,100 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Backup Now 5\NTI Backup Now 5.lnk
[2010/04/13 04:29:42 | 000,002,436 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\Audio Editor.lnk
[2010/04/13 04:29:42 | 000,002,464 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\Digital Jack.lnk
[2010/04/13 04:29:42 | 000,002,406 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\DVD Fit.lnk
[2010/04/13 04:29:42 | 000,002,471 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\JewelCase Maker.lnk
[2010/04/13 04:29:42 | 000,002,297 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\NTI Media Maker 8.lnk
[2010/04/13 04:29:42 | 000,002,447 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\Photo Maker.lnk
[2010/04/13 04:29:42 | 000,002,425 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\NTI Media Maker 8\Ripper.lnk
[2010/11/22 15:07:38 | 000,000,036 | -H-- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\Desktop.ini
[2010/11/22 15:07:18 | 000,001,098 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Base.lnk
[2010/11/22 15:07:18 | 000,001,082 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Calc.lnk
[2010/11/22 15:07:18 | 000,001,032 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Draw.lnk
[2010/11/22 15:07:18 | 000,001,092 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Impress.lnk
[2010/11/22 15:07:18 | 000,001,034 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Math.lnk
[2010/11/22 15:07:18 | 000,001,106 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Writer.lnk
[2010/11/22 15:07:18 | 000,001,138 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org.lnk
[2011/03/17 14:27:33 | 000,001,071 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Oracle VM VirtualBox\License (English).lnk
[2011/03/17 14:27:33 | 000,001,138 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Oracle VM VirtualBox\User manual (English).lnk
[2011/03/17 14:27:33 | 000,001,056 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Oracle VM VirtualBox\VirtualBox.lnk
[2010/11/29 19:29:38 | 000,002,441 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2010/11/29 19:29:38 | 000,002,471 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2010/11/29 19:29:38 | 000,002,441 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2010/11/29 19:29:38 | 000,001,820 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2011/07/12 04:31:47 | 000,001,955 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\RIFT\Play RIFT.lnk
[2011/07/12 04:31:47 | 000,001,909 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\RIFT\RIFT Game Website.lnk
[2011/07/12 04:31:46 | 000,002,116 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\RIFT\Uninstall RIFT.lnk
[2011/07/09 00:06:07 | 000,002,533 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Skype\Skype.lnk
[2011/02/01 00:36:57 | 000,002,919 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\SmartFTP Client\SmartFTP Client.lnk
[2011/02/01 00:36:57 | 000,002,613 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\SmartFTP Client\Tools\Backup Tool.lnk
[2011/09/18 01:27:59 | 000,002,252 | R--- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Sony Ericsson\Sony Ericsson PC Companion\Sony Ericsson PC Companion 2.0.lnk
[2011/09/18 01:27:59 | 000,002,453 | R--- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Sony Ericsson\Sony Ericsson PC Companion\Uninstall.lnk
[2011/04/09 18:14:03 | 000,000,235 | R--- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Sony Ericsson\Sony Ericsson PC Companion\www.sonyericsson.com.url
[2011/04/24 01:00:24 | 000,001,873 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Sony\Media Go\Media Go.lnk
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
[2010/12/29 17:34:50 | 000,002,573 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam Support Center.lnk
[2010/12/29 17:45:03 | 000,001,011 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam.lnk
[2011/01/29 19:03:06 | 000,000,974 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Symphony Studio\Command Line Tools.lnk
[2011/01/29 19:03:05 | 000,001,690 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Symphony Studio\Symphony Studio.lnk
[2011/01/29 19:03:06 | 000,000,682 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Symphony Studio\Uninstall Symphony Studio.lnk
[2011/01/29 19:03:06 | 000,000,783 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Symphony Studio\User Manual.lnk
[2011/03/22 19:51:24 | 000,000,054 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Account Management Website.url
[2011/03/22 19:51:24 | 000,000,054 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Community Website.url
[2011/03/22 19:51:24 | 000,001,242 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\README.lnk
[2011/03/22 19:51:24 | 000,000,054 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Support Website.url
[2011/03/22 19:51:22 | 000,002,253 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\The Lord of the Rings Online.lnk
[2011/03/22 19:51:24 | 000,000,046 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Turbine, Inc..url
[2011/03/22 19:51:24 | 000,002,103 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Uninstall The Lord of the Rings Online.lnk
[2011/03/22 19:51:24 | 000,001,212 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\User Manual (pdf).lnk
[2010/10/02 23:01:29 | 000,001,798 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Vanguard - Saga of Heroes\Vanguard - Saga of Heroes.lnk
[2011/03/15 18:04:48 | 000,002,053 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\VMware\VMware Player.lnk
[2011/04/22 02:02:48 | 000,000,095 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Live\desktop.ini
[2011/04/22 02:02:48 | 000,002,350 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
[2011/04/12 22:35:34 | 000,002,229 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\WinZip\WinZip 15.0.lnk
[2010/09/26 17:03:37 | 000,001,112 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Wolfram Mathematica\Mathematica Player 7.lnk
[2010/09/26 17:03:38 | 000,002,438 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Wolfram Mathematica\Uninstall Mathematica Player.lnk
[2010/11/20 18:03:06 | 000,002,377 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Wolfram Mathematica\Uninstall Wolfram Mathematica 7 for Students.lnk
[2010/11/20 18:03:06 | 000,001,042 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Wolfram Mathematica\Wolfram Mathematica 7 for Students Kernel.lnk
[2010/11/20 18:03:06 | 000,001,047 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Wolfram Mathematica\Wolfram Mathematica 7 for Students.lnk
[2011/06/08 22:24:07 | 000,001,983 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Adobe Reader X.lnk
[2011/02/11 15:06:34 | 000,001,913 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\AIM.lnk
[2010/11/11 13:12:27 | 000,002,360 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\BSL Lessons 3.7.lnk
[2010/11/11 13:12:27 | 000,002,312 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\BSL PRO 3.7 .lnk
[2010/11/17 07:06:58 | 000,000,984 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\CanoScan Toolbox 4.9.lnk
[2011/04/02 04:37:35 | 000,006,006 | -HS- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\desktop.ini
[2010/08/26 06:52:57 | 000,002,609 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\eBay.lnk
[2010/11/29 23:31:17 | 000,001,099 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\GIMP 2.lnk
[2010/11/29 23:40:42 | 000,001,011 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Inkscape.lnk
[2011/11/05 01:46:16 | 000,001,832 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\McAfee Internet Security Suite.lnk
[2010/09/24 12:27:33 | 000,001,096 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Measurement & Automation.lnk
[2010/04/13 04:27:35 | 000,001,323 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Microsoft Office - 60 Day Trial.lnk
[2010/08/27 03:49:19 | 000,001,139 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Microsoft Works.lnk
[2010/09/09 23:08:47 | 000,002,079 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\NetBeans IDE 6.9.1.lnk
[2010/08/26 06:53:12 | 000,002,102 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Netflix.lnk
[2010/04/13 04:41:15 | 000,002,413 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Norton Online Backup.lnk
[2011/05/25 01:01:30 | 000,001,756 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Octave-3.2.4.lnk
[2011/03/17 14:27:33 | 000,001,038 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Oracle VM VirtualBox.lnk
[2011/07/12 04:32:15 | 000,001,895 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Play RIFT.lnk
[2011/07/09 00:06:07 | 000,002,515 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Skype.lnk
[2011/02/01 00:36:57 | 000,002,659 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\SmartFTP Client.lnk
[2010/12/29 17:45:03 | 000,000,993 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Steam.lnk
[2010/10/02 23:20:07 | 000,002,006 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\Vanguard.lnk
[2011/04/02 04:37:35 | 000,002,622 | ---- | M] () -- C:\Users\Steve\AppData\Local\Temp\smtmp\4\WildTangent Games App - acer.lnk

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/04/13 04:19:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Steve\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Steve\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Steve\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/04/13 04:07:59 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/04/13 04:19:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/04/13 04:07:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Steve\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Steve\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Steve\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/04/13 04:19:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/04/13 04:07:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/04/13 04:19:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/04/13 04:07:59 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\system64\drivers\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\system64\netlogon.dll
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2011/04/09 01:21:32 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=0F4A148499CC6FA5D84A0F1587869051 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[2011/06/23 00:31:31 | 005,474,688 | ---- | M] (Microsoft Corporation) MD5=12EC6D619756240886680523392EEF9C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_c8a3295ae6faad36\ntoskrnl.exe
[2010/11/20 07:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2011/04/09 01:54:07 | 005,475,712 | ---- | M] (Microsoft Corporation) MD5=240D89BBE5BCD168D748D6C12B6FE884 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[2010/06/19 02:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=28C4FE45FC1B176FA74A48FB15DE7C9A -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[2010/06/19 02:05:25 | 005,474,184 | ---- | M] (Microsoft Corporation) MD5=5223C216E348E397C5EACCBEFB57FFF2 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[2011/06/23 00:43:12 | 005,561,216 | ---- | M] (Microsoft Corporation) MD5=577841951E8BAD6EA8288106693CD39F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe
[2011/04/09 01:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2011/06/22 23:32:02 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=638A384E9968036D42BDBDE499A1C8B8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntoskrnl.exe
[2010/10/26 23:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=776201760B5692F10DDA3BE85B54F213 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[2010/06/19 01:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[2011/06/23 00:55:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=90EFDB506F6140EEA9DEE398D9449D86 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[2011/04/09 01:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[2009/07/13 20:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[2009/07/13 20:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[2010/10/26 23:33:37 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=C6169F5FDC8399E0C6C0729AB6EF2EF8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[2010/11/20 08:33:46 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2011/06/23 00:22:01 | 005,561,728 | ---- | M] (Microsoft Corporation) MD5=CE6AF5EC2DB1567B6297ADCB56B39B5D -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe
[2011/04/09 01:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2010/06/19 01:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[2011/04/09 02:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[2011/04/09 01:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[2011/06/22 23:38:04 | 003,902,336 | ---- | M] (Microsoft Corporation) MD5=DFB0E9F902FDAB7CD2E180E4072D45DD -- C:\Windows\SysWOW64\ntoskrnl.exe
[2011/06/22 23:38:04 | 003,902,336 | ---- | M] (Microsoft Corporation) MD5=DFB0E9F902FDAB7CD2E180E4072D45DD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntoskrnl.exe
[2011/04/09 01:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[2010/10/27 00:18:36 | 005,510,528 | ---- | M] (Microsoft Corporation) MD5=E2EA143288BFF3D6B3AEB88C3BC02DAF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[2010/10/27 00:23:11 | 005,477,248 | ---- | M] (Microsoft Corporation) MD5=E6FC5686F6BB6F0CEB1107E6D064A944 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[2011/06/23 00:29:39 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=EBECACD545E280FE7A0A2CBFC0AC29BD -- C:\Windows\SysNative\ntoskrnl.exe
[2011/06/23 00:29:39 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=EBECACD545E280FE7A0A2CBFC0AC29BD -- C:\Windows\system64\ntoskrnl.exe
[2011/06/23 00:29:39 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=EBECACD545E280FE7A0A2CBFC0AC29BD -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2\ntoskrnl.exe
[2011/06/22 23:33:57 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=FB58ABD5E1F75A2CF713C9DFF0EC0804 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\system64\drivers\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\system64\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\system64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steve\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steve\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steve\AppData\Local\Temp\RarSFX2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: UXTHEME.DLL >
[2009/07/13 20:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- C:\Windows\SysWOW64\uxtheme.dll
[2009/07/13 20:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll
[2009/07/13 20:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\SysNative\uxtheme.dll
[2009/07/13 20:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\system64\uxtheme.dll
[2009/07/13 20:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/04/13 04:19:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steve\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steve\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steve\AppData\Local\Temp\RarSFX2\winlogon.exe
[2010/04/13 04:19:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/04/13 04:19:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2010/04/13 04:19:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\*.* >
[2011/03/15 18:04:53 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/13 20:38:58 | 000,383,562 | R-S- | M] () -- C:\bootmgr
[2009/07/27 15:40:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/11/19 16:52:09 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/11/25 16:24:00 | 3219,771,392 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/02/11 15:06:36 | 000,001,071 | ---- | M] () -- C:\IPH.PH
[2011/11/22 03:33:53 | 000,242,180 | ---- | M] () -- C:\OTL.Txt
[2011/11/25 16:24:03 | 4293,029,888 | -HS- | M] () -- C:\pagefile.sys
[2010/04/21 20:01:01 | 000,002,219 | R-S- | M] () -- C:\Patch.rev
[2010/08/26 06:51:56 | 000,000,216 | R-S- | M] () -- C:\Preload.rev
[2010/05/13 07:18:42 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
[2011/11/08 16:21:37 | 000,000,510 | ---- | M] () -- C:\rkill.log
[2011/11/08 15:30:19 | 000,194,914 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_08.11.2011_15.28.24_log.txt
[2011/11/08 15:31:55 | 000,001,912 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_08.11.2011_15.31.29_log.txt
[2011/11/08 15:42:23 | 000,098,444 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_08.11.2011_15.39.23_log.txt
[2011/11/08 16:15:01 | 000,098,396 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_08.11.2011_16.12.26_log.txt
[2011/10/05 03:14:12 | 000,039,507 | ---- | M] () -- C:\temp.jpg
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/03/19 18:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
[2010/03/19 18:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 15:21:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 15:21:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 15:21:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/09/30 15:21:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 15:21:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 15:21:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/08 14:16:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/08 14:16:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/08 14:16:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/08 14:16:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/08 14:16:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/09/30 15:21:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/09/30 15:21:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/09/30 15:21:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/09/30 15:21:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/09/30 15:21:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/09/30 15:21:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/08 14:16:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/08 14:16:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/08 14:16:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/08 14:16:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/08 14:16:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 945 bytes -> C:\Users\Steve\Documents\Re Medical Imaging Related Course at NYU.eml:OECustomProperty

< End of report >

#18
Stv73

Also, I restored the Start Menu links and my original Task Bar appearance.

Pictures, Documents, User folder, Control Panel were set to "Do not display link on Start Menu". I had to set it back to "Display as link".

Likewise, I had to re-set my Task Bar to the option "Combine all automatically" from the setting "Combine only when full".

For some reason, the malware changed these settings when it first hit. I am posting this for future reference.

#19
Stv73

New update: After a couple of hours of smooth sailing, I had a Google result re-direct. It started trying to load a URL that was something along the lines of "salarye.net" / (longer URL)

Firefox mentioned that the site needed "additional plug-ins" to view everything on the site, as it was still loading. I closed down Firefox ASAP and shut down.

Right before shut down, Windows started configuring an update. I was unsure if this was legit, because I didn't necessarily remember a Windows Update icon notifying me, so I powered down manually (even though it said not to). I re-booted into Safe Mode, and the Windows config tried to start up again. This is probably just me being paranoid, but I want to make sure that's not one of the possible subversions of this type of malware before continuing.

Note: It seems I can operate the PC normally, however, if we need to go forth with a solution in Windows instead of a CD boot.

#20
Essexboy

Yep, there are still a few miscreants to remove; Dr. Web just made the system stable and usable for us. Let me know if all the menu items are back after these runs.

So let's go for the final kill

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#21
Stv73

I ran the Custom Fix. The first few xcopy commands returned an "access denied" message in the console box that opened for each one. I do not know if this botched the attempt. Note that I was not running OTL from the Desktop, if this is important (I have moved it to the Desktop since). During the Fix, McAfee noted that a Trojan had been automatically removed.

The fix finished running and the machine rebooted. Upon start-up, checkdisk ran automatically claiming that the disk had to be checked for consistency. These were reported, among others:

several of these - Delete corrupt attribute record (128, "") from file record segment <number>

scanning unindexed files for reconnect to their original directory

25 unindexed files scanned

25 unindexed files recovered


I do not know if this is because I shut the machine down at the beginning of a Windows update (mentioned in my previous post) or if it was because the fix went awry, but this log was produced after checkdisk completed and Windows booted successfully:

All processes killed
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Downloads\cmd.bat deleted successfully.
C:\Users\Steve\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Downloads\cmd.bat deleted successfully.
C:\Users\Steve\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Downloads\cmd.bat deleted successfully.
C:\Users\Steve\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Downloads\cmd.bat deleted successfully.
C:\Users\Steve\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steve\Downloads\cmd.bat deleted successfully.
C:\Users\Steve\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steve
->Temp folder emptied: 630598775 bytes
->Temporary Internet Files folder emptied: 10543126 bytes
->Java cache emptied: 28877044 bytes
->FireFox cache emptied: 49048292 bytes
->Flash cache emptied: 6591307 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196354954 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 661 bytes

Total Files Cleaned = 879.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11272011_034500

Files\Folders moved on Reboot...
C:\Users\Steve\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\fla8847.tmp not found!
File\Folder C:\Windows\temp\flaA05A.tmp not found!
C:\Windows\temp\flaDF3E.tmp moved successfully.

Registry entries deleted on Reboot...


So I ran the Quick Scan in OTL (this time from Desktop) as you requested. During the scan, my McAfee chimed in noting that a Trojan had been removed, twice. Then, I got the log:

OTL logfile created on: 11/27/2011 4:13:22 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.01% Memory free
7.99 Gb Paging File | 6.03 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 200.35 Gb Free Space | 44.23% Space Free | Partition Type: NTFS

Computer Name: HONOR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/27 04:09:37 | 000,032,256 | ---- | M] () -- C:\Windows\Temp\qknjsf\setup.exe
PRC - [2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2011/08/18 07:56:08 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 12:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 18:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/04 00:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/04 00:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 13:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/24 20:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 20:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/07/24 18:31:08 | 000,588,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
PRC - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008/12/30 10:19:14 | 000,109,136 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
PRC - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipalsm.exe
PRC - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/11 12:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 12:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/08 19:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/05/20 17:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/10/13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/08/24 13:57:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/08/24 13:57:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 08:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/29 11:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/02/05 22:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/05 01:55:06 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/13 03:57:13 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 13:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/26 10:49:18 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008/10/31 13:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nipxirmu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (ni488enumsvc)
SRV - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/11 12:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 12:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 12:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 12:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 11:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 09:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 09:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/24 13:57:38 | 000,529,000 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,441,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/08/24 13:57:38 | 000,283,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,094,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/24 13:57:38 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/07/12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/01 19:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/29 11:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 10:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 09:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/01 21:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/10/16 05:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/21 12:58:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2009/06/21 12:58:06 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/17 14:26:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2009/06/17 10:35:48 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2009/06/17 00:15:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2009/06/16 23:05:24 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2009/06/14 14:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:02:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/28 21:16:50 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2009/05/28 21:16:44 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2009/05/28 21:15:32 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2009/05/28 21:14:48 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2009/05/28 21:13:54 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2009/05/28 21:11:18 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2009/05/28 21:11:12 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2009/05/28 21:11:06 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2009/05/26 19:35:44 | 000,012,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2009/05/26 19:34:42 | 000,883,288 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2009/05/26 19:33:28 | 000,012,920 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/01 14:31:02 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2009/04/01 14:16:54 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2009/03/30 12:59:00 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2009/03/30 12:58:50 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2009/03/05 15:16:10 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViFWKl.sys -- (NiViFWK)
DRV:64bit: - [2009/02/05 21:32:20 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2009/02/05 21:32:16 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2009/01/05 08:28:30 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2009/01/05 08:28:28 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2009/01/02 16:54:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2009/01/02 16:40:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2009/01/02 16:37:02 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2009/01/02 16:02:10 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2008/12/29 17:24:58 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2008/12/29 17:17:34 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2008/12/05 15:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/11/24 00:41:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2008/10/21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/08/21 20:04:58 | 000,016,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2008/07/28 14:08:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2008/06/25 11:02:26 | 000,022,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2008/06/13 13:51:10 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2008/06/13 13:50:42 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2008/06/13 13:49:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2007/03/15 14:05:04 | 000,032,768 | ---- | M] (BIOPAC Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mp35usb.sys -- (MP35USB)
DRV:64bit: - [2007/02/26 11:40:46 | 000,017,696 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni488lock.sys -- (ni488lock)
DRV - [2010/08/19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/10/18 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48z155t4551o616
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48z155t4551o616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48z155t4551o616
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/13 23:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 22:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/07 15:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/01 20:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ikq4y6cr.default\extensions
[2011/07/09 00:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/09 00:06:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/22 15:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 22:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 23:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 16:06:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/07 04:20:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/13 23:10:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/09/30 15:21:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/23 09:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 17:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/06/23 18:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/09/17 01:26:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/27 03:45:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3B00ED-3938-4F4E-AD76-8ED6004628A2}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\SysWow64\M4sMC31.com
[2011/11/27 04:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/27 04:04:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/11/27 03:45:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/13 22:57:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2011/11/08 19:16:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/11/08 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/08 16:21:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 01:01:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2011/11/08 01:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 01:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 01:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/08 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/07 23:55:41 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/07 16:27:58 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
[2011/11/05 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mlclass-ex1
[2011/11/03 03:35:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\filter bank project
[2011/11/03 03:33:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\filing system template
[2011/11/01 22:24:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\ml-class
[2011/10/29 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\tomima
[2010/05/13 07:18:52 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/11/27 04:18:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 04:18:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 04:12:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\dYp1AeS3R.dat
[2011/11/27 04:12:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/11/27 04:12:35 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/11/27 04:12:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/11/27 04:12:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/11/27 04:12:27 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/11/27 04:12:23 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/11/27 04:12:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/11/27 04:12:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/11/27 04:12:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/11/27 04:12:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/11/27 04:12:12 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/11/27 04:12:10 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/11/27 04:12:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/11/27 04:12:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/11/27 04:12:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/11/27 04:12:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/11/27 04:11:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/11/27 04:11:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/11/27 04:11:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/11/27 04:11:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/11/27 04:11:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/11/27 04:11:46 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/11/27 04:11:43 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/11/27 04:11:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/11/27 04:11:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/11/27 04:11:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/11/27 04:11:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/11/27 04:11:25 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/11/27 04:11:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/11/27 04:11:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/11/27 04:11:15 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/11/27 04:11:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/11/27 04:11:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/11/27 04:11:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/11/27 04:11:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/11/27 04:11:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/11/27 04:10:55 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/11/27 04:10:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/11/27 04:10:27 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/11/27 04:10:24 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/11/27 04:10:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/11/27 04:10:15 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/11/27 04:10:13 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/11/27 04:10:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/11/27 04:10:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/11/27 04:10:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/11/27 04:10:02 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/11/27 04:10:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/27 04:09:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/27 04:09:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/27 04:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 04:08:37 | 3219,771,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 03:45:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/25 21:07:22 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/19 16:52:09 | 000,006,736 | ---- | M] () -- C:\bootsqm.dat
[2011/11/13 23:24:32 | 270,026,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/11/08 16:21:57 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/08 16:09:59 | 001,008,092 | ---- | M] () -- C:\Users\Steve\Desktop\7k34v9.com.com
[2011/11/08 06:02:42 | 000,852,777 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | M] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 05:43:26 | 000,888,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 05:43:26 | 000,737,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 05:43:26 | 000,151,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 01:00:55 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 00:10:39 | 000,000,685 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/07 16:27:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
[2011/11/06 02:00:34 | 000,000,727 | ---- | M] () -- C:\Users\Steve\.octave_hist
[2011/11/06 01:55:37 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/11/05 20:29:59 | 000,517,350 | ---- | M] () -- C:\Users\Steve\Desktop\ex1.pdf
[2011/11/05 01:46:16 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/11/02 02:00:58 | 000,038,533 | ---- | M] () -- C:\Users\Steve\.recently-used.xbel
[2011/10/31 05:28:57 | 000,149,504 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\SharedSettings.ccs
[2011/10/30 02:54:05 | 000,093,500 | ---- | M] () -- C:\Users\Steve\Desktop\urgent-ultrascratch.png
[2011/10/30 02:46:34 | 000,132,449 | ---- | M] () -- C:\Users\Steve\Desktop\urgent-scratch2.png
[2011/10/29 22:31:16 | 000,124,161 | ---- | M] () -- C:\Users\Steve\Desktop\urgent-scratch.png

========== Files Created - No Company Name ==========

[2011/11/27 04:12:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\dYp1AeS3R.dat
[2011/11/27 04:12:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/11/27 04:12:33 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/11/27 04:12:29 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/11/27 04:12:27 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/11/27 04:12:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/11/27 04:12:21 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/11/27 04:12:19 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/11/27 04:12:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/11/27 04:12:14 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/11/27 04:12:12 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/11/27 04:12:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/11/27 04:12:08 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/11/27 04:12:06 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/11/27 04:12:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/11/27 04:12:01 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/11/27 04:11:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/11/27 04:11:55 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/11/27 04:11:53 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/11/27 04:11:50 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/11/27 04:11:49 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/11/27 04:11:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/11/27 04:11:43 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/11/27 04:11:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/11/27 04:11:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/11/27 04:11:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/11/27 04:11:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/11/27 04:11:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/11/27 04:11:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/11/27 04:11:19 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/11/27 04:11:15 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/11/27 04:11:12 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/11/27 04:11:09 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/11/27 04:11:04 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/11/27 04:11:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/11/27 04:11:00 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/11/27 04:10:55 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/11/27 04:10:52 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/11/27 04:10:28 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/11/27 04:10:24 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/11/27 04:10:20 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/11/27 04:10:13 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/11/27 04:10:08 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/11/27 04:10:06 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/11/27 04:10:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/11/27 04:10:02 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/11/27 04:10:00 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/11/27 04:09:57 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/11/27 04:09:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/11/19 16:52:09 | 000,006,736 | ---- | C] () -- C:\bootsqm.dat
[2011/11/13 22:58:21 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2011/11/13 22:58:21 | 000,002,622 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2011/11/13 22:58:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/13 22:58:21 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Vanguard.lnk
[2011/11/13 22:58:21 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/13 22:58:20 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/11/13 22:58:20 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2011/11/13 22:58:20 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\BSL Lessons 3.7.lnk
[2011/11/13 22:58:20 | 000,002,312 | ---- | C] () -- C:\Users\Public\Desktop\BSL PRO 3.7 .lnk
[2011/11/13 22:58:20 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/11/13 22:58:20 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2011/11/13 22:58:20 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/11/13 22:58:20 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/11/13 22:58:20 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/11/13 22:58:20 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Octave-3.2.4.lnk
[2011/11/13 22:58:20 | 000,001,323 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/11/13 22:58:20 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/11/13 22:58:20 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 22:58:20 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2011/11/13 22:58:20 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/11/13 22:58:20 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2011/11/13 22:58:20 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk
[2011/11/13 22:58:19 | 000,002,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/13 22:58:19 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/13 22:58:19 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 22:58:19 | 000,001,422 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/13 22:58:19 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/13 22:58:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 22:58:19 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/13 22:58:19 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 22:58:19 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 22:58:18 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 22:58:17 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 22:58:15 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 8.5.lnk
[2011/11/13 22:58:13 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/13 22:58:13 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/13 22:58:13 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 22:58:11 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/11/13 22:58:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 22:58:10 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2011/11/13 22:58:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/13 22:58:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/13 22:58:05 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/11/08 16:18:39 | 001,008,092 | ---- | C] () -- C:\Users\Steve\Desktop\7k34v9.com.com
[2011/11/08 06:02:42 | 000,852,777 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | C] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 01:00:55 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 00:10:39 | 000,000,685 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/02 02:00:58 | 000,038,533 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2011/10/30 00:25:19 | 000,132,449 | ---- | C] () -- C:\Users\Steve\Desktop\urgent-scratch2.png
[2011/10/29 22:24:52 | 000,124,161 | ---- | C] () -- C:\Users\Steve\Desktop\urgent-scratch.png
[2011/10/29 22:16:46 | 000,093,500 | ---- | C] () -- C:\Users\Steve\Desktop\urgent-ultrascratch.png
[2011/03/04 02:07:33 | 000,149,504 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\SharedSettings.ccs
[2010/11/25 01:30:35 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/26 02:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/15 18:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nidmfpan.ini
[2010/09/17 13:34:48 | 000,000,069 | ---- | C] () -- C:\Windows\pxisys.ini
[2010/09/17 13:34:48 | 000,000,030 | ---- | C] () -- C:\Windows\pxiesys.ini
[2010/09/03 17:27:02 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/03 17:27:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/03 17:26:34 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/03 17:26:33 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/03 17:26:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/03 17:26:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/03 17:25:41 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/31 17:04:48 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2010/08/31 17:01:48 | 000,882,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/26 23:59:43 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/26 23:59:27 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/26 23:59:27 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/13 08:00:36 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/13 07:59:42 | 000,001,614 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/13 07:29:46 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/13 07:18:52 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/05/13 07:18:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/13 07:18:52 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/05/13 07:18:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/05/13 07:18:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/13 07:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/13 04:16:14 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/04/13 04:16:14 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/13 04:16:14 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/07 17:20:24 | 000,050,208 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2009/01/05 08:28:12 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
[2005/10/18 09:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys

========== LOP Check ==========

[2010/08/26 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\acccore
[2010/11/17 07:07:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2011/03/04 02:11:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CoffeeCup Software
[2011/06/28 21:10:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Elluminate
[2010/11/07 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\fltk.org
[2011/11/02 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2010/11/29 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\inkscape
[2011/05/25 01:06:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Notepad++
[2010/11/22 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2011/07/13 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Rift
[2011/04/24 01:00:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2010/10/26 02:11:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Thunderbird
[2010/08/31 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Turbine
[2010/10/23 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wolfram Research
[2011/11/27 04:09:57 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/11/27 04:10:27 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/11/27 04:10:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/11/27 04:10:55 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/11/27 04:11:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/11/27 04:11:02 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/11/27 04:11:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/11/27 04:11:09 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/11/27 04:11:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/11/27 04:11:15 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/11/27 04:11:19 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/11/27 04:10:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/11/27 04:11:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/11/27 04:11:25 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/11/27 04:11:29 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/11/27 04:11:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/11/27 04:11:38 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/11/27 04:11:40 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/11/27 04:11:43 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/11/27 04:11:46 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/11/27 04:11:49 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/11/27 04:11:50 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/11/27 04:10:02 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/11/27 04:11:53 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/11/27 04:11:55 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/11/27 04:11:58 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/11/27 04:12:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/11/27 04:12:03 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/11/27 04:12:06 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/11/27 04:12:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/11/27 04:12:10 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/11/27 04:12:12 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/11/27 04:12:14 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/11/27 04:10:05 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/11/27 04:12:16 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/11/27 04:12:19 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/11/27 04:12:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/11/27 04:12:23 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/11/27 04:12:27 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/11/27 04:12:29 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/11/27 04:12:33 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/11/27 04:12:35 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/11/27 04:12:37 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/11/27 04:10:06 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/11/27 04:10:08 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/11/27 04:10:13 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/11/27 04:10:20 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/11/27 04:10:24 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/04/21 22:08:58 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 945 bytes -> C:\Users\Steve\Documents\Re Medical Imaging Related Course at NYU.eml:OECustomProperty

< End of report >


Then, I shut down my machine without running ComboFix. One of the programs Windows had to wait for to close before shutting down was called something like "AMD:AEC Capturing Window" and was followed with "this program is preventing Windows from shutting down". After a short delay, Windows managed to shut down.

So, my main question is, am I safe to proceed with the ComboFix instructions at this point? Also, if I can proceed, do I have to re-run the fix and start from the beginning because I shut down the PC?

Edited by Stv73, 27 November 2011 - 04:15 AM.


#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, run ComboFix please, as your AV stopped OTL from cleaning the malware.

#23
Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Do I need to run the OTL fix again first? But this time with AV disabled?

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, try that, and if it stalls then go straight to ComboFix.

#25
Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Alright! All done. The system has been running for about an hour and nothing has gone wrong so far. I ran the OTL fix a second time, and then I ran ComboFix which completed successfully with no issues. Here are both of their logs:

All processes killed
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steve
->Temp folder emptied: 1390244 bytes
->Temporary Internet Files folder emptied: 79653899 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21672047 bytes
->Flash cache emptied: 1144 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20499692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 118.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11282011_184630

Files\Folders moved on Reboot...
C:\Users\Steve\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



And the ComboFix log:

ComboFix 11-11-28.02 - Steve 11/28/2011 19:08:25.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2300 [GMT -5:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 00:45 . 2011-11-29 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 23:58 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84FB64F9-459A-4A34-8EB4-4830B3393F0A}\mpengine.dll
2011-11-28 23:57 . 2011-05-24 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-27 09:04 . 2011-11-27 09:04 -------- d-----w- C:\found.000
2011-11-27 08:45 . 2011-11-27 08:45 -------- d-----w- C:\_OTL
2011-11-08 22:26 . 2011-11-08 22:26 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-08 21:21 . 2011-11-08 21:21 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-08 06:01 . 2011-11-08 06:01 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2011-11-08 06:00 . 2011-11-08 06:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 06:00 . 2011-11-08 06:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-08 05:08 . 2011-11-08 05:08 -------- d-----w- c:\programdata\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 21:12 . 2011-05-19 22:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 03:07 . 2011-10-11 21:19 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 07:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 07:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 07:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 07:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-04-13 08:57 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-13 39408]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-04 1300560]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-12-30 109136]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0158011322523540mcinstcleanup;McAfee Application Installer Cleanup (0158011322523540);c:\users\Steve\AppData\Local\Temp\015801~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MP35USB;BIOPAC 64-bit USB driver for MP35;c:\windows\system32\DRIVERS\mp35usb.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [x]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [x]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [x]
R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [x]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [x]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [x]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [x]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [x]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [x]
R3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys [x]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [x]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [x]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [x]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [x]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [x]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [x]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [x]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [x]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [x]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [x]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [x]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [x]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [x]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [x]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [x]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [x]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [x]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [x]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [x]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [x]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-13 332272]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 usb6xxxkw;usb6xxxkw;c:\windows\system32\DRIVERS\usb6xxxkw.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-04 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 149032]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [x]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [x]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [x]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 15:30]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 15:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-04-13 08:57 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"combofix"="c:\combofix\CF19031.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7551&r=27360810l506l0448z155t4551o616
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7551&r=27360810l506l0448z155t4551o616
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ikq4y6cr.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Adobe Connect Add-in - c:\users\Steve\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Steve\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-11-28 20:20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 01:20
.
Pre-Run: 214,059,343,872 bytes free
Post-Run: 215,079,247,872 bytes free
.
- - End Of File - - 0BDDB30D6095D83237A481A59BA44A36


  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now sweep for orphans and check the system out... Can you confirm that Windows Update is working?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#27
Stv73

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
MalwareBytes Quick Scan came clean.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8280

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/30/2011 5:15:01 PM
mbam-log-2011-11-30 (17-15-01).txt

Scan type: Quick scan
Objects scanned: 179277
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Also, Windows Update seems fine - it is notifying me of an update that needs installing as we speak.

The only thing I'm worried about - I opened Firefox to paste this log just now and it asked if I wanted it to be my default browser again. Wuh oh.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, that is to be expected, as IE was reset as your default during the malware removal.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#29
Stv73

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I hate to break this to you, but I got another Google redirect after all this.

So, I ran a MalwareBytes FULL scan and it caught PUP.BitMiner and removed it after a reboot. Unfortunately, I am STILL getting Google redirects! AHHH!!!

Here is the full scan log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8280

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/30/2011 8:28:50 PM
mbam-log-2011-11-30 (20-28-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 544014
Time elapsed: 1 hour(s), 39 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.


  • 0
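A consistency check for logs in the format posted above, as an added example that is not part of the original post and not Malwarebytes code: it parses the summary counts and the per-category detail lines, then reports categories where the two disagree (for instance when a pasted log is truncated) and items whose action text does not report success. The function names and the "successfully" wording test are assumptions made for this example.

```python
import re

# Trimmed copy of the full-scan log posted above (two of the seven categories kept).
SAMPLE_LOG = r"""Scan type: Full scan (C:\|)
Objects scanned: 544014

Registry Keys Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Greedy path plus a paren-free name keeps "(x86)" inside a path out of the name.
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")

def parse_mbam_log(text):
    """Return ({category: summary count}, [(category, path, detection, action)])."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            section = None            # a blank line ends the current detail section
        elif m := SUMMARY_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            items.append((section, *m.groups()))
    return counts, items

def count_mismatches(counts, items):
    """Categories whose summary count differs from the detail lines listed."""
    listed = {}
    for category, *_ in items:
        listed[category] = listed.get(category, 0) + 1
    return [(c, n, listed.get(c, 0)) for c, n in counts.items() if n != listed.get(c, 0)]

def needs_follow_up(items):
    """Items whose action text does not report success (assumed wording check)."""
    return [i for i in items if not i[3].rstrip(".").endswith("successfully")]

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print(counts, items, count_mismatches(counts, items), needs_follow_up(items))
```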

#30
Stv73

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I only use Firefox, by the way - in case I didn't mention.
  • 0





