AV Protection Virus - Cannot boot even in safe mode [Solved]


  • This topic is locked

#1
SarahDoughnut717

  • Member
  • 12 posts
Hi, my brother's computer has a virus. It is the AV Protection virus, and it seems impossible to get rid of. I was unable to run malware or spyware removal, even the tsskiller, because the computer will either reboot or exit the removal software while it was scanning. That was when I could log on in safe mode or safe mode with networking. Now it is at the point where I cannot get past the welcome screen to log into any user account, even in safe mode. If I try, an error message appears that says 'user log on execute failed' or something along those lines. I have no idea what to do. I repeat, I cannot even log onto the desktop, so I am unable to use any malware removal software, and even when I could they were not able to function properly.

#2
ali.B

  • Trusted Helper
  • Malware Removal
  • 3,086 posts
Hello :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Use a clean system to create the CD.

  1. Download OTLPEStd.exe to your desktop
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  4. Reboot your system using the boot CD you just created.
     Note : If you do not know how to set your computer to boot from CD follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  6. Your system should now display a Reatogo desktop.
     Note : as you are running from CD it is not exactly speedy
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location
  9. When asked "Do you wish to load the remote registry", select Yes
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  12. OTL should now start.
  13. Press Run Scan to start the scan.
  14. When finished, the file will be saved in drive C:\OTL.txt
  15. Copy this file to your USB drive.
  16. You can backup any files that you wish from this OS
  17. Please post the contents of the C:\OTL.txt file in your reply.

#3
SarahDoughnut717

  • Topic Starter
  • Member
  • 12 posts
Thanks. That file is downloading to the computer I'm on now. To boot my brother's computer, do I turn the computer on, then slip the CD in, and press F8 repeatedly, or press Delete repeatedly to get to the setup screen? I just want to make sure I have the sequence of steps right.

#4
SarahDoughnut717

  • Topic Starter
  • Member
  • 12 posts
Help, there is a "run scanner" error that says 'target is not windows 2000 or later'

#5
SarahDoughnut717

  • Topic Starter
  • Member
  • 12 posts
Never mind, got past that.

#6
SarahDoughnut717

  • Topic Starter
  • Member
  • 12 posts
The scan is running, could you be more specific about step 16? Do you mean I can save any files I wish to extract from the computer? Can you be more specific on how to do that?

#7
SarahDoughnut717

  • Topic Starter
  • Member
  • 12 posts
OTL logfile created on: 11/27/2011 5:25:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0D1.exe] C:\Program Files\LP\4849\0D1.exe ()
O4 - HKLM..\Run: [FcSibD3pn4Q6W7E] C:\Users\Steven User\AppData\Roaming\dwme.exe ()
O4 - HKLM..\Run: [Gamevance] File not found
O4 - HKLM..\Run: [j1ivD3onFaHsJdL8234A] C:\Windows\System32\System Security 2012v121.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [rdWK8fRL9TqUeIr8234A] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [swg] File not found
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [0D1.exe] C:\Users\Steven User\AppData\Roaming\Microsoft\4849\0D1.exe ()
O4 - HKU\Steven_User_ON_C..\Run: [1Y5U7AYUWGXY3X8WVZDKGNVBRXW] C:\Fonts\6DFBBA77D25.exe (Ankord Development Group)
O4 - HKU\Steven_User_ON_C..\Run: [CvS2obF3pGa8234A] File not found
O4 - HKU\Steven_User_ON_C..\Run: [Privacy Protection] C:\ProgramData\privacy.exe (mIRC Co. Ltd.)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: c0b17375 = C:\Users\Steven User\AppData\Roaming\csrss.exe
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Steven_User_ON_C Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Local\c0b17375\X) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/26 18:04:15 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
[2011/11/26 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/17 20:30:30 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
[2011/11/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
[2011/11/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\avD2onF4pH
[2011/11/17 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
[2011/11/17 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
[2011/11/15 17:09:26 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\30EF7
[2011/11/14 23:28:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
[2011/11/13 03:27:15 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
[2011/11/13 03:21:57 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
[2011/11/13 03:21:57 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
[2011/11/13 03:21:49 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
[2011/11/13 03:21:47 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
[2011/11/13 03:18:11 | 000,167,936 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Steven User\Desktop\0.4678522676718392.exe
[2011/11/11 22:33:19 | 000,968,704 | ---- | C] (mIRC Co. Ltd.) -- C:\ProgramData\privacy.exe
[2011/11/08 22:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\30EF7
[2011/11/08 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/08 22:58:02 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\90D30
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
[2011/11/08 22:57:32 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,001,333 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:52:16 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:52:35 | 000,968,704 | ---- | M] (mIRC Co. Ltd.) -- C:\ProgramData\privacy.exe
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/13 03:27:36 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\dwme.exe
[2011/11/13 03:18:31 | 000,167,936 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Steven User\Desktop\0.4678522676718392.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/11/04 13:46:15 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,001,333 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:16 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/13 03:21:49 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\dwme.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/11/15 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\30EF7
[2011/11/16 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\90D30
[2011/11/17 20:30:22 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\avD2onF4pH
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/11/13 03:27:15 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
[2011/11/26 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
[2011/11/13 03:21:49 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
[2011/11/08 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2011/11/08 22:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
[2011/11/13 03:21:47 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
[2011/11/08 22:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2011/11/17 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
[2011/11/17 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
[2011/11/26 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
[2011/11/13 03:27:08 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/11/17 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
[2011/11/13 03:21:57 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
[2011/11/14 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe
< End of report >

#8
SarahDoughnut717

    Member

  • Topic Starter
  • Member
  • 12 posts
OTL logfile created on: 11/27/2011 5:25:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0D1.exe] C:\Program Files\LP\4849\0D1.exe ()
O4 - HKLM..\Run: [FcSibD3pn4Q6W7E] C:\Users\Steven User\AppData\Roaming\dwme.exe ()
O4 - HKLM..\Run: [Gamevance] File not found
O4 - HKLM..\Run: [j1ivD3onFaHsJdL8234A] C:\Windows\System32\System Security 2012v121.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [rdWK8fRL9TqUeIr8234A] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [swg] File not found
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [0D1.exe] C:\Users\Steven User\AppData\Roaming\Microsoft\4849\0D1.exe ()
O4 - HKU\Steven_User_ON_C..\Run: [1Y5U7AYUWGXY3X8WVZDKGNVBRXW] C:\Fonts\6DFBBA77D25.exe (Ankord Development Group)
O4 - HKU\Steven_User_ON_C..\Run: [CvS2obF3pGa8234A] File not found
O4 - HKU\Steven_User_ON_C..\Run: [Privacy Protection] C:\ProgramData\privacy.exe (mIRC Co. Ltd.)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: c0b17375 = C:\Users\Steven User\AppData\Roaming\csrss.exe
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Steven_User_ON_C Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Local\c0b17375\X) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/26 18:04:15 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
[2011/11/26 18:04:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/17 20:30:30 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
[2011/11/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
[2011/11/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\avD2onF4pH
[2011/11/17 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
[2011/11/17 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
[2011/11/15 17:09:26 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\30EF7
[2011/11/14 23:28:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
[2011/11/13 03:27:15 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
[2011/11/13 03:21:57 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
[2011/11/13 03:21:57 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
[2011/11/13 03:21:49 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
[2011/11/13 03:21:47 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
[2011/11/13 03:18:11 | 000,167,936 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Steven User\Desktop\0.4678522676718392.exe
[2011/11/11 22:33:19 | 000,968,704 | ---- | C] (mIRC Co. Ltd.) -- C:\ProgramData\privacy.exe
[2011/11/08 22:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\30EF7
[2011/11/08 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/08 22:58:02 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\90D30
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
[2011/11/08 22:57:32 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,001,333 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:52:16 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:52:35 | 000,968,704 | ---- | M] (mIRC Co. Ltd.) -- C:\ProgramData\privacy.exe
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/13 03:27:36 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\dwme.exe
[2011/11/13 03:18:31 | 000,167,936 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Steven User\Desktop\0.4678522676718392.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/11/04 13:46:15 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,001,333 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:16 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/13 03:21:49 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\dwme.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/11/15 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\30EF7
[2011/11/16 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\90D30
[2011/11/17 20:30:22 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\avD2onF4pH
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/11/13 03:27:15 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\hrzONtxA0c2b3n4
[2011/11/26 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\iL9gTXqjYeIrOtA
[2011/11/13 03:21:49 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\l9gTXqjYCkVzNx0
[2011/11/08 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\LS1ibD3on4HsJfL
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2011/11/08 22:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\NpnG5aQH6W7
[2011/11/13 03:21:47 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\NQJ6dEKfR9TwUeI
[2011/11/08 22:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\okIBrzONyAuSiF
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2011/11/17 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\QnG5aQH6dKf
[2011/11/17 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\RsQJ7dEK8R9YwUe
[2011/11/26 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\RucS2ibD3n4Q6W
[2011/11/13 03:27:08 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\U9hTXwjUeIrPyAu
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/11/17 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\WonF4pmH5Q7E8R9
[2011/11/13 03:21:57 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\XvDobF4pm5Q6E8R
[2011/11/14 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\ZEoe6z4wogxWwAH
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe
< End of report >

#9
SarahDoughnut717

Here is my most recent OTL scan:


OTL logfile created on: 11/27/2011 11:35:23 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.78% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< @Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe >


< :files >

< C:\Windows\System32\drivers\kbdclass.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys /replace >
Invalid Switch: replace

< C:\Windows\System32\drivers\volsnap.sys|C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys /replace >
Invalid Switch: replace


========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe

< End of report >

#10
SarahDoughnut717

    Member

  • Topic Starter
  • 12 posts
Does anyone know what I should do next?

#11
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
You really need to be patient when you ask a question and understand we are not available 24/7. I am going through the logs right now and will post an answer on what to do next shortly.

#12
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Copy the contents of Fix.txt into the Custom scans and fixes box
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

Let me know now if you can access the system in normal mode

Attached Files

  • Attached File  Fix.txt   13.14KB   50 downloads


#13
SarahDoughnut717

    Member

  • Topic Starter
  • 12 posts
Hi,
I have been getting help from someone; they have been feeding me custom scans and such. At one point I tried to boot it normally and it went to "guest" with a password, an account that wasn't created by us. So the other person helping me gave me more custom fixes. Sorry about being impatient, I was trying to finish up before I had to leave the house, so now I am no longer doing it myself; I'm giving instructions to my brother over the phone. This was the log of the most recent fix:



Error: Unable to interpret <C:\Windows\System32\ej23jnm23.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\ocejmiaiw.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\odej23moc.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\muhmiaol23.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\metroosehw.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\exeiuqolmis.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\ewqlldnolmia.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\otiuqarcjra.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\ocmuhmjila.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\niw46mia23.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\busmjnolexe.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\46nololarc.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\mia46mirmoc.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\arcotniwniw.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\23hwmiamoc.dat> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\AV Protection 2011.lnk> in the current context!
Error: Unable to interpret <C:\Windows\System32\c_77621.nl_> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.22068448169927946.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\AppData\Local\dfl20z32.dll> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.6255255489322431.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\AppData\Roaming\ldr.ini> in the current context!
Error: Unable to interpret <C:\Windows\System32\System Security 2012v121.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\AppData\Local\wsr20zt32.dll> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.8543574810547517.exe> in the current context!
Error: Unable to interpret <C:\Users\Steven User\Desktop\0.4049731133631722.exe> in the current context!
Error: Unable to interpret <C:\ProgramData\~30531320r> in the current context!
Error: Unable to interpret <C:\ProgramData\~30531320> in the current context!
Error: Unable to interpret <C:\ProgramData\30531320> in the current context!
Error: Unable to interpret <C:\ProgramData\xbejnmpolmid.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\32mnj32je.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\com32jedo.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\winwintocra.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\comrim64aim.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\comaimwh32.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\wiaimjeco.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\exelonjmsub.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\alijmhumco.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\simloquiexe.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\arjcraquito.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\32aim64win.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\32loaimhum.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\cralolon64.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\aimlondllqwe.dat> in the current context!
Error: Unable to interpret <C:\Windows\System32\whesoortem.dat> in the current context!
Error: Unable to interpret <C:\ProgramData\dimlopmnjebx.dat> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 11282011_210250


Now the other person instructed me to do this for a scan:

netsvcs
set /c
/md5start
UXTHEME.DLL
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
Userinit.exe
Explorer.exe
Winlogon.exe
Regedit.exe
SCLWAPI.dll
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job

My brother is currently doing that. Should I stop it and put in the fix you sent me? I hope my brother did not do it wrong. Again, I'm sorry about being impatient.

#14
SarahDoughnut717

Here are the results of the most recent scan. Should I run the fix you sent?



OTL logfile created on: 11/28/2011 9:10:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 86.21 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.77% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] -- -- (TosCoSrv)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (blbdrive)
DRV - [2011/11/28 11:21:09 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
DRV - [2011/11/18 02:32:44 | 000,273,408 | ---- | M] () [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/06 09:56:47 | 000,213,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/04/29 07:49:57 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 07:49:55 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/29 07:49:44 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/29 07:49:35 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
DRV - [2011/04/14 09:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
DRV - [2011/02/22 07:51:51 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/02/18 08:31:24 | 000,304,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/20 23:59:12 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2010/04/19 19:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2010/02/20 16:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/02/18 06:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/06/15 13:20:59 | 000,439,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/01 20:01:23 | 000,625,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2008/05/19 21:07:31 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2008/04/04 20:21:42 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2008/02/22 21:38:33 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/01/19 02:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/01/19 02:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/01/19 02:43:27 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/19 02:43:03 | 000,294,456 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2008/01/19 02:43:03 | 000,266,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2008/01/19 02:42:58 | 000,247,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/01/19 02:42:38 | 000,192,056 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/01/19 02:42:35 | 000,181,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2008/01/19 02:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/19 02:42:29 | 000,163,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2008/01/19 02:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/19 02:42:23 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2008/01/19 02:42:20 | 000,151,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2008/01/19 02:42:19 | 000,054,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2008/01/19 02:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/19 02:42:14 | 000,049,720 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2008/01/19 02:42:11 | 000,143,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/19 02:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/19 02:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/19 02:41:40 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2008/01/19 02:41:30 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/19 02:41:25 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/19 02:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/19 02:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/19 02:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/19 01:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/19 01:04:19 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV - [2008/01/19 01:01:21 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/01/19 01:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/19 01:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/19 01:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/19 01:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/19 01:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/19 00:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/19 00:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/19 00:56:43 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2008/01/19 00:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/01/19 00:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/01/19 00:56:33 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/01/19 00:56:33 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/01/19 00:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/19 00:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/19 00:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/19 00:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/19 00:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/19 00:56:28 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/19 00:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/19 00:56:07 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/19 00:56:07 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2008/01/19 00:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/19 00:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/19 00:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/19 00:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/19 00:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/19 00:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2008/01/19 00:55:27 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2008/01/19 00:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/19 00:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/19 00:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/19 00:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/19 00:53:42 | 000,194,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/01/19 00:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/01/19 00:53:21 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/01/19 00:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/19 00:53:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/01/19 00:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/19 00:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/19 00:52:06 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/19 00:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2008/01/19 00:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/19 00:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/19 00:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/19 00:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/19 00:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/19 00:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/19 00:49:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/19 00:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/19 00:32:47 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/19 00:30:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/19 00:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/19 00:28:45 | 000,110,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/01/19 00:28:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2008/01/19 00:28:10 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/01/19 00:28:09 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/19 00:28:08 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/01/19 00:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/19 00:28:01 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2008/01/19 00:28:01 | 000,136,192 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2008/01/19 00:27:57 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/19 00:27:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/18 23:30:49 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 17:02:00 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2007/11/06 16:54:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/09/13 18:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/08/15 20:03:36 | 000,190,384 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/04/25 20:03:58 | 001,771,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/09 13:00:00 | 000,221,696 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:40 | 000,106,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 04:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2006/11/02 04:50:04 | 000,058,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2006/11/02 04:49:59 | 000,054,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:52 | 000,054,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2006/11/02 04:49:51 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2006/11/02 04:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 04:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006/11/02 04:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 04:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 03:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 03:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 03:55:20 | 000,132,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2006/11/02 03:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006/11/02 03:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 03:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 03:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 03:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 03:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2006/11/02 03:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 03:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 03:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2006/11/02 03:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2006/11/02 03:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 03:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 03:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 03:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 03:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 03:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 03:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006/11/02 03:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2006/11/02 03:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 03:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 03:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 03:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 03:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 03:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Guest_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...UTF-8&hl=en
IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steven_User_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 16:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

[2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 15:32:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/23 15:32:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/10/23 15:32:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/10/23 15:32:58 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/10/23 15:33:01 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/10/23 15:33:01 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/10/23 15:33:01 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/10/23 15:33:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/10/23 15:33:01 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/10/23 15:33:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/23 15:33:01 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MRT] C:\Windows\System32\MRT.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SENS - C:\ProgramData\dimlopmnjebx.dat ()
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
[2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
[2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/28 20:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 11:21:09 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
[2011/11/28 11:20:55 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
[2011/11/28 11:19:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 11:19:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 11:16:07 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
[2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/11/18 02:32:44 | 000,273,408 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys
[2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
[2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
[2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
[2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
[2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
[2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
[2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 23:47:40 | 2137,415,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
[2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
[2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
[2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
[2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
[2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
[2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
[2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
[2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
[2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
[2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
[2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
[2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
[2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
[2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
[2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
[2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
[2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
[2011/06/14 21:53:52 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
[2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
[2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
[2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
[2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
[2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
[2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
[2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
[2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
[2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
[2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
[2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
[2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
[2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
[2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
[2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
[2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
[2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
[2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
[2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
[2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
[2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
[2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
[2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
[2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
[2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
[2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
[2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
[2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
[2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
[2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
[2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
[2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
[2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
[2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
[2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
[2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
[2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
[2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< set /c >
ALLUSERSPROFILE=B:\Documents and Settings\All Users
APPDATA=B:\Documents and Settings\Default User\Application Data
ComputerName=Reatogo
ComSpec=X:\i386\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
OS=Windows_NT
Path=X:\i386;X:\i386\System32;X:\Bin;X:\i386\system32\com;X:\i386\system32\wbem;X:\i386\system32\wbem\snmp;X:\i386\PCHealth\HelpCtr\Binaries
PATHEXT=.COM;.EXE;.BAT;.CMD
ProfilesDir=B:\Documents and Settings
ProgramFiles=X:\Programs
PROMPT=$P$G
ramdrv=B:
RunScannerDir=X:\i386\System32
SystemDrive=X:
SystemRoot=X:\i386
TARGET_ROOT=C:\Windows
temp=B:
tmp=B:
USBroot=Y:
USERPROFILE=B:\Documents and Settings\Default User
windir=X:\i386


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/26 10:19:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/04/26 10:19:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/04/26 10:19:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Steven User\AppData\Local\temp\RarSFX0\procs\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/11/09 00:15:32 | 003,074,560 | ---- | M] (Microsoft Corporation) MD5=57FC10BCCA2D47E4A8D707567F820262 -- C:\Windows\ERDNT\cache\explorer.exe
[2008/04/26 10:22:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Steven User\AppData\Local\temp\RarSFX0\h\explorer.exe
[2008/04/26 10:22:01 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2005/09/27 03:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: REGEDIT.EXE >
[2011/11/09 00:19:13 | 000,282,112 | ---- | M] (Microsoft Corporation) MD5=49E43059A1D0587071E9419AB3203C67 -- C:\Windows\regedit.exe
[2011/11/09 00:19:13 | 000,282,112 | ---- | M] (Microsoft Corporation) MD5=49E43059A1D0587071E9419AB3203C67 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006/11/02 04:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USERINIT.EXE >
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2011/11/09 00:30:38 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=75B00749C454BD7697257BC40A5E48DA -- C:\Windows\System32\userinit.exe
[2011/11/09 00:30:38 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=75B00749C454BD7697257BC40A5E48DA -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\temp\RarSFX0\userinit.exe
[2011/11/09 00:15:35 | 000,172,544 | ---- | M] (Microsoft Corporation) MD5=F8BCA3EB6C319149E37439D014932198 -- C:\Windows\ERDNT\cache\userinit.exe

< MD5 for: UXTHEME.DLL >
[2008/01/19 02:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) MD5=999D69DEB576C2C424294DF025891CC6 -- C:\Windows\System32\uxtheme.dll
[2008/01/19 02:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) MD5=999D69DEB576C2C424294DF025891CC6 -- C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6001.18000_none_a5e49ad4068f9b12\uxtheme.dll
[2006/11/02 04:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) MD5=E340D47578B8CB8A86D3578EA50A3B83 -- C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6000.16386_none_a3add8d809a48a3e\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2011/11/09 00:15:36 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=84332134805D5E4CD9538AED1946EF6A -- C:\Windows\ERDNT\cache\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Steven User\AppData\Local\temp\RarSFX0\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2010/09/10 22:21:24 | 000,000,927 | -H-- | M] () -- C:\0
[2010/12/08 17:00:50 | 000,000,230 | ---- | M] () -- C:\0.bak
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/11/06 15:41:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/12/08 17:23:15 | 000,023,084 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/11/28 11:16:07 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 11:05:09 | 000,160,458 | ---- | M] () -- C:\OTL.Txt
[2011/11/28 11:16:04 | 2451,247,104 | -HS- | M] () -- C:\pagefile.sys
[2011/11/18 17:57:16 | 000,001,336 | ---- | M] () -- C:\serf_conf.txt

< %systemroot%\System32\config\*.sav >
[2007/11/06 15:41:12 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/11/06 15:41:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/11/06 15:41:13 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/11/06 15:41:20 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/11/06 15:41:21 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 02:34:21 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll
[2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll

< %systemroot%\Tasks\*.job >
[2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB19515$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe
< End of report >

#15
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Where else are you being assisted besides here?





