Windows 7 won't boot and Startup Repair can't fix the problem



#16
AlanY

The scan is finally completed. There were 25 infected files. I saved the list of infected files in another text. I will post it if necessary.
Here is the log from ESET:
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



#17
emeraldnzl

I assume it fixed what it found.

Actually perhaps we better have a look just to make sure. :)

#18
AlanY

No problem. Here is the list of infected files:
C:\Nero Autobackup\20110521_222537_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Nero.Multimedia.Suite.v10.5.Platinum.HD\Pre-installation Files\nms105phd.iso	a variant of Win32/Bundled.Toolbar.Ask.A application	deleted - quarantined
C:\Nero Autobackup\20110522_002531_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\OrbitDownloaderSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Nero Autobackup\20110522_002531_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Microsoft Office 2010 Professional Plus\Office 2010 Pro Plus extract\Crack\ACVTR.rar	a variant of Win32/HackKMS.A application	deleted - quarantined
C:\Nero Autobackup\20110522_002531_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Nero.Multimedia.Suite.v10.5.Platinum.HD\Pre-installation Files\nms105phd.iso	a variant of Win32/Bundled.Toolbar.Ask.A application	deleted - quarantined
C:\Nero Autobackup\20110524_005445_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\OrbitDownloaderSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Nero Autobackup\20110524_005445_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Microsoft Office 2010 Professional Plus\Office 2010 Pro Plus extract\Crack\ACVTR.rar	a variant of Win32/HackKMS.A application	deleted - quarantined
C:\Nero Autobackup\20110524_005445_Local Autobackup\C\Users\YaoTheHong\Documents\Appendical Programs\Nero.Multimedia.Suite.v10.5.Platinum.HD\Pre-installation Files\nms105phd.iso	a variant of Win32/Bundled.Toolbar.Ask.A application	deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe	a variant of Win32/HiddenStart.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe	a variant of Win32/HiddenStart.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak	a variant of Win32/HiddenStart.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1	a variant of Win32/HiddenStart.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe	a variant of Win32/HiddenStart.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe	a variant of Win32/HiddenStart.A application	cleaned by deleting - quarantined
C:\Users\admin\Documents\Orbit Downloader\OrbitDownloaderSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\Ajnim\Documents\Appendical Programs\Orbit Downloader\cbsidlm-tr1_5-Orbit_Downloader-10600926.exe	multiple threats	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\BleachBit 0.9.5\cbsidlm-tr1_10a-BleachBit-SEO-75206153.exe	Win32/DownloadAdmin.G application	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Daemon Tools Lite\DTLite4451-0236.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader 4.0.0.10\OrbitDownloaderSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader 4.1.0.6\OrbitDownloaderSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Mei Tu Xiu Xiu 3.7.0 (NOT INSTALLED)\XiuXiu_360Setup_3.7.0.exe	a variant of Win32/Hao123.A application	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Microsoft Office 2010 Professional Plus\Office 2010 Pro Plus extract\Crack\ACVTR.rar	a variant of Win32/HackKMS.A application	deleted - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Nero.Multimedia.Suite.v10.5.Platinum.HD (NOT INSTALLED)\Pre-installation Files\nms105phd.iso	a variant of Win32/Bundled.Toolbar.Ask.A application	deleted - quarantined
C:\Users\YaoTheHong\Documents\Appendical Programs\Nero.Multimedia.Suite.v10.5.Platinum.HD (NOT INSTALLED)\Pre-installation Files\Nero Multimedia Suite v10.5 Platinum HD\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe	a variant of Win32/Bundled.Toolbar.Ask.A application	cleaned by deleting - quarantined
C:\Users\YaoTheHong\Documents\Info Center\Experts Help\11-02 Malware - Unable to Connect Internet, Uncontrollable Shutdowns\Hiren's Mini XP Repair Work in Progress\Hiren's Boot CD\Hiren's.BootCD.15.1.iso	Win32/PSWTool.KonBoot.A application	deleted - quarantined
C:\Users\YaoTheHong\Documents\Info Center\Experts Help\11-02 Malware - Unable to Connect Internet, Uncontrollable Shutdowns\Hiren's Mini XP Repair Work in Progress\Hiren's Boot CD ISO\HBCD\Boot\konboot.gz	Win32/PSWTool.KonBoot.A application	deleted - quarantined

By the way, the window "Libraries" and program "Dell Webcam Central" pop out every time my laptop boots. Is there a way to control it?

#19
emeraldnzl


By the way, the window "Libraries" and program "Dell Webcam Central" pop out every time my laptop boots. Is there a way to control it?


Seems to be a systemic problem with Dell.

See links below for solutions:

http://answers.yahoo...08185141AAHaEwc

Scroll to the bottom for this one posted by Sean Brown.

http://en.community....8/19614870.aspx

How is your computer now?

#20
AlanY

My computer is fine now. It works as if the hard drive had not failed. I have switched off Webcam Central at msconfig. But I couldn't find the switch for "Library", and the window still pops up every startup.

#21
emeraldnzl

Hmm... could be something corrupted or needing adjustment but also might be some malware leftover lurking.

By the way, please just post your logs in the forum normally. Don't use code tags... it makes it harder to analyze lol.

Let's do this:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#22
AlanY

I scanned my laptop using Malwarebytes and it found an infection. I restarted the computer as prompted. However, "Library" still pops up. Here is the log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: BOMBOMCHA [administrator]

8/4/2013 4:22:30 AM
mbam-log-2013-04-08 (04-22-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287084
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\admin\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

#23
emeraldnzl

Let's have another look then:

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

C:\_OTL\MovedFiles

#24
AlanY

Alright. Another thing I noticed is that Windows 7 keeps updating itself/installing updates every time I shut down. This is the OTL log:

OTL logfile created on: 9/4/2013 12:07:46 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.93 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.57% Memory free
7.87 Gb Paging File | 6.12 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 77.60 Gb Free Space | 17.20% Space Free | Partition Type: NTFS

Computer Name: BOMBOMCHA | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/03 14:58:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2013/01/27 22:38:26 | 000,032,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2013/01/27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/12/23 18:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/02 12:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/11/02 12:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/11/02 12:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/04 08:42:17 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a5784c350d13402e975dfe84ec3f180b\IAStorUtil.ni.dll
MOD - [2013/04/04 08:41:55 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\87fb0dbe6f9550b3e95f2aa0d124f726\System.Core.ni.dll
MOD - [2013/04/04 08:24:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f5fdab6574ba915d378620157d84727e\PresentationFramework.Aero.ni.dll
MOD - [2013/04/04 08:24:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7cce39782300219e1130698e8fbc30c\System.Runtime.Remoting.ni.dll
MOD - [2013/04/04 08:24:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4dc0c1f43d69069d8245efb77f971731\PresentationFramework.ni.dll
MOD - [2013/04/04 08:23:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\075549b8a14c0f23ccebd72e89721f85\System.Windows.Forms.ni.dll
MOD - [2013/04/04 08:23:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\287e0f73a2bb79d6ba7f6141d6914bab\System.Drawing.ni.dll
MOD - [2013/04/04 08:23:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\802842f94f331623b759edc5bdff47d4\PresentationCore.ni.dll
MOD - [2013/04/04 08:23:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5937ee228d11266a0a60cffeac95fd07\WindowsBase.ni.dll
MOD - [2013/04/04 08:23:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1a8cdc51e5752c5ef72b8677017df8c9\System.Xml.ni.dll
MOD - [2013/04/04 08:23:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f1d29cd3d9de9febda2ea12ab2796666\System.Configuration.ni.dll
MOD - [2013/04/04 08:23:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98b49167a3373cf333d4c89ac47dcefb\System.ni.dll
MOD - [2013/04/04 08:23:16 | 011,493,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2866646f2e764e809451219352b63ef0\mscorlib.ni.dll
MOD - [2012/02/11 07:31:42 | 001,737,496 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/02 12:40:34 | 000,087,176 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/11/02 12:40:30 | 000,057,480 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/11/02 12:40:24 | 000,248,968 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/07 04:38:36 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/04/03 14:35:09 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2013/01/27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/14 08:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/01/18 03:48:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/12/23 18:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/02 12:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/09/04 15:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 15:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/26 10:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/26 01:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/19 04:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/08 23:39:14 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/01/09 21:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 14:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 14:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 16:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 16:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 16:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 16:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 16:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 16:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 16:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,204,328 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,133,160 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/11/09 19:01:13 | 000,123,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/11/09 19:01:12 | 000,167,976 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/11/09 19:01:12 | 000,119,848 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/11/07 09:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 12:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/04 04:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/06/24 12:10:54 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/02 10:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/12 04:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/27 14:13:16 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/20 06:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/13 00:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/15 12:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/12 18:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/26 01:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/03 02:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/06/28 11:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:64bit: - [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....c=my&l=en&s=gen
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E1AF467-5FE7-4E58-9631-B63F1BA5F025}: "URL" = http://malaysia.sear...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:1.12
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2013/04/02 13:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/04/02 14:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Users\Ajnim\Documents\Appendical Programs\Mozilla Firefox\components [2013/04/02 14:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Users\Ajnim\Documents\Appendical Programs\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\components [2013/04/02 14:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\plugins

[2011/11/28 13:06:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2013/04/02 14:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uuc5hb10.default\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/04/02 13:48:14 | 000,000,000 | ---D | M] (FastAccess Web Login) -- C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO
[2013/04/02 14:18:02 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www1.ap.dell....c=my&l=en&s=gen
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/10 13:40:03 | 000,438,443 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15078 more lines...
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\YaoTheHong\My Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\YaoTheHong\My Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A71A00-BC74-4F42-904C-6612B42C1F19}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/07 03:59:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 23:34:58 | 000,058,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2013/04/07 15:38:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/07 15:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/05 03:08:32 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/04/04 03:48:29 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/04/04 03:48:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/04/04 03:37:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/04/04 03:37:39 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/04/04 03:37:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/04/04 03:37:38 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/04/04 03:36:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/04/04 03:36:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/04/04 03:36:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/04/04 03:36:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/04/04 03:32:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/04 03:32:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/04 03:32:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/04 03:32:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/04 03:32:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/04 03:32:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/04 03:32:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/04 03:32:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/04 03:32:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/04 03:32:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/04 03:32:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/04 03:32:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/04 03:32:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/04 03:32:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/04 03:32:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/03 15:24:14 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/03 15:24:12 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/03 15:24:11 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/03 15:23:58 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/03 15:23:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/04/03 15:23:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/04/03 15:23:36 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/04/03 15:23:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/04/03 15:22:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/04/03 15:22:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/04/03 15:22:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/04/03 15:22:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/04/03 15:22:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/04/03 15:22:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/04/03 15:22:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/04/03 15:22:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/04/03 15:22:28 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/04/03 15:22:28 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/04/03 15:22:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/04/03 15:22:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/04/03 15:22:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/04/03 15:20:37 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/04/03 15:20:37 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/04/03 15:20:35 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/04/03 15:20:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/04/03 15:20:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/04/03 15:20:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/04/03 15:20:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/04/03 15:20:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/04/03 15:20:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/04/03 15:20:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/04/03 15:20:20 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/04/03 15:20:16 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/04/03 15:20:06 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/04/03 15:20:06 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/04/03 15:19:58 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/04/03 15:19:58 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/04/03 15:19:58 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/04/03 15:19:58 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/04/03 15:19:58 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/04/03 15:19:58 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/04/03 15:19:58 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/04/03 15:19:58 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/04/03 15:19:58 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/04/03 15:19:58 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/04/03 15:19:58 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/04/03 15:19:58 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/04/03 15:19:58 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/04/03 15:19:58 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/04/03 15:19:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/04/03 15:19:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/04/03 15:19:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/04/03 15:19:58 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/04/03 15:19:58 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/04/03 15:19:57 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/04/03 15:19:57 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/04/03 15:19:57 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/04/03 15:19:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/04/03 15:19:56 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/04/03 15:19:54 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/04/03 15:19:54 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/04/03 15:19:54 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/04/03 15:19:54 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/04/03 15:19:54 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/04/03 15:19:54 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/04/03 15:19:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/04/03 15:19:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/04/03 15:17:55 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/04/03 15:17:36 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/04/03 15:17:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/04/03 15:17:35 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/03 15:17:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/03 15:17:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/03 15:17:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/04/03 15:17:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/04/03 15:17:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/03 15:17:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/03 15:17:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/04/03 15:17:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/03 15:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/03 15:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/03 15:17:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/04/03 15:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/04/03 15:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/04/03 15:17:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/03 15:17:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/04/03 15:17:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/04/03 15:17:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/04/03 15:17:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/04/03 15:17:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/04/03 15:17:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/03 15:17:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/03 15:17:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/04/03 15:17:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/04/03 15:17:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/03 15:17:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/03 15:17:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/03 15:17:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/04/03 15:17:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/03 15:17:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/03 15:17:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/04/03 15:17:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/04/03 15:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/04/03 15:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/04/03 15:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/03 15:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/03 15:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/04/03 15:15:38 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/04/03 15:15:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/04/03 15:15:34 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/04/03 15:15:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/04/03 15:15:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/04/03 15:15:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/04/03 15:15:17 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/04/03 15:15:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013/04/03 15:15:00 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013/04/03 15:14:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/04/03 15:14:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013/04/03 15:14:09 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/04/03 15:14:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/04/03 14:58:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/04/03 14:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013/04/03 14:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013/04/03 14:45:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Orbit Downloader
[2013/04/03 14:44:55 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Panda Cloud Antivirus 2.1.1
[2013/04/03 04:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2013/04/03 04:17:57 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2013/04/03 03:58:19 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2013/04/02 15:33:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/04/02 15:33:21 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/04/02 15:33:21 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/04/02 15:33:08 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/04/02 15:33:08 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/04/02 15:33:08 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/04/02 15:32:46 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/04/02 15:32:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/04/02 15:19:34 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/04/02 13:10:32 | 000,000,000 | --SD | C] -- C:\Users\admin\AppData\Roaming\Microsoft
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Videos
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Saved Games
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Pictures
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Music
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Links
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Favorites
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Downloads
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Documents
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\Desktop
[2013/04/02 13:10:32 | 000,000,000 | R--D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\AppData\Local\Temporary Internet Files
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Templates
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Start Menu
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\SendTo
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Recent
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\PrintHood
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\NetHood
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Documents\My Videos
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Documents\My Pictures
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Documents\My Music
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\My Documents
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Local Settings
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\AppData\Local\History
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Cookies
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\Application Data
[2013/04/02 13:10:32 | 000,000,000 | -HSD | C] -- C:\Users\admin\AppData\Local\Application Data
[2013/04/02 13:10:32 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData
[2013/04/02 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Temp
[2013/04/02 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft
[2013/04/02 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2013/04/02 13:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/04/02 13:08:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/04/02 13:07:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/04/02 13:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/02 13:06:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/04/02 13:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/04/02 13:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/04/02 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/04/02 13:05:13 | 000,021,616 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2013/04/02 13:05:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/04/02 13:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2013/04/01 20:57:25 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013/04/01 20:57:25 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/04/01 20:57:25 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/04/01 20:57:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/04/01 20:57:24 | 002,369,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/04/01 20:57:24 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013/04/01 20:57:24 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/04/01 20:57:23 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013/04/01 20:57:22 | 002,839,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/04/01 20:57:22 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll
[2013/04/01 20:57:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013/04/01 20:57:21 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013/04/01 20:57:21 | 000,820,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCORES64.dat
[2013/04/01 20:57:21 | 000,648,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013/04/01 20:57:21 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/04/01 20:57:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/04/01 20:57:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/04/01 20:57:21 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/04/01 20:57:21 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/04/01 20:57:21 | 000,084,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013/04/01 20:57:21 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/04/01 20:57:20 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/04/01 20:57:20 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013/04/01 20:57:20 | 000,876,120 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013/04/01 20:57:20 | 000,738,392 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013/04/01 20:57:20 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2013/04/01 20:57:20 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/04/01 20:57:20 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/04/01 20:57:20 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/04/01 20:57:20 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013/04/01 20:57:20 | 000,064,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013/04/01 20:57:20 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013/04/01 20:57:17 | 001,943,616 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/04/01 20:57:17 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/04/01 20:57:17 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/04/01 20:57:17 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/04/01 20:57:17 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/04/01 20:57:17 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/04/01 20:57:17 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/04/01 20:57:17 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/04/01 20:57:17 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/04/01 20:57:17 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/04/01 20:57:17 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/04/01 20:57:17 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/04/01 20:57:17 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/04/01 20:57:17 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/04/01 20:57:17 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013/04/01 20:54:39 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64hda.dll
[2013/04/01 20:54:39 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013/04/01 20:54:39 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013/04/01 20:54:38 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2013/04/01 20:54:38 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2013/04/01 20:44:59 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/04/01 20:44:01 | 000,000,000 | ---D | C] -- C:\Dell
[2013/04/01 20:41:31 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\InstallShield
[2013/04/01 20:04:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\iExpert Software
[2013/04/01 19:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/04/01 19:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/04/01 19:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/04/01 19:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/04/01 18:21:00 | 000,344,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/04/01 18:21:00 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013/04/01 18:09:58 | 000,158,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\Impcd.sys
[2013/04/01 18:08:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Diagnostics
[2013/04/01 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ParetoLogic
[2013/04/01 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\DriverCure
[2013/04/01 15:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/04/01 15:24:48 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\GlarySoft
[2013/04/01 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
[2013/03/29 13:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/09 00:06:18 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 23:57:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job
[2013/04/08 23:50:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/08 23:42:31 | 000,779,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/08 23:42:31 | 000,664,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/08 23:42:31 | 000,124,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/08 23:42:22 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 23:42:21 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 23:39:14 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/04/08 23:35:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/08 23:33:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/08 23:33:36 | 3168,043,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/08 04:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/04/06 14:57:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job
[2013/04/06 02:13:10 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
[2013/04/05 10:00:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/04/04 08:20:13 | 000,506,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 03:30:56 | 000,764,992 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/03 14:58:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/04/03 14:35:08 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/03 14:35:08 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/03 14:33:41 | 000,002,285 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/03 14:33:40 | 000,002,261 | ---- | M] () -- C:\Users\admin\Desktop\Google Chrome.lnk
[2013/04/02 15:21:19 | 000,001,443 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/02 15:13:37 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/04/02 15:13:37 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/04/02 14:49:49 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2013/04/02 13:09:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/02 13:07:14 | 000,074,462 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES30.dat
[2013/04/02 13:05:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/04/02 10:24:28 | 000,004,158 | ---- | M] () -- C:\Users\admin\Desktop\Windows Compatibility Report.htm
[2013/04/02 10:22:12 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/04/02 10:22:12 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/06 02:13:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2013/04/04 03:48:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/04/04 03:36:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/04/04 03:30:56 | 000,764,992 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/02 15:21:19 | 000,001,415 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/04/02 15:21:11 | 000,001,449 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/02 15:15:45 | 3168,043,008 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/02 14:49:49 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2013/04/02 13:10:32 | 000,000,290 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/02 13:10:32 | 000,000,272 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/02 13:09:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/04/02 13:09:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/04/02 13:09:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/02 13:07:14 | 000,074,462 | ---- | C] () -- C:\Windows\SysNative\drivers\RTWAVES30.dat
[2013/04/02 13:05:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/04/02 10:11:28 | 000,004,158 | ---- | C] () -- C:\Users\admin\Desktop\Windows Compatibility Report.htm
[2013/04/02 10:09:53 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/04/02 10:09:53 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/04/01 20:54:38 | 000,010,932 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/04/01 18:21:00 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/03/29 12:57:01 | 000,002,261 | ---- | C] () -- C:\Users\admin\Desktop\Google Chrome.lnk

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by AlanY, 08 April 2013 - 10:33 AM.

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Hello AlanY,

Is there any more information you can see when that Library pop-up comes? I am wondering what it relates to; I thought it might be some Dell utility, but maybe not.

Also please do this:

Please download Event Viewer by Vino Rosso and save it to your desktop.
  • Double-click VEW.exe (with Vista or later right click and run as administrator)
  • Under 'Select log to query', Check the System box
  • Under 'Select type to list', Check Error & Warning boxes
  • Under Number or date of Events > 'Number of events' Type 20 in the 1 to 20 box
  • Click the Run button.
Notepad will open with a log. Please post the log back here.

#26
AlanY

    Member

  • Topic Starter
  • Member
  • 75 posts
Hi GeekU Moderator,
I couldn't think of any other abnormality when Library pops up. Here is a picture of what I see every time I load Windows 7 on my new hard disk.

Library popup.jpg

By the way, my new hard drive has a smaller size compared to the old one. Now it's 77 GB free of 451 GB. Could the smaller hard drive be related to this problem and Windows constantly updating itself?

This is the log for VEW.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/04/2013 2:24:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/04/2013 11:18:41 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/03/2013 3:08:26 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/12/2012 12:11:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/11/2012 1:29:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/11/2012 1:14:19 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SILVERMARE (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 12/11/2012 1:14:19 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 11/11/2012 2:53:17 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SILVERMARE (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 11/11/2012 2:53:17 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2013 6:20:50 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Log: 'System' Date/Time: 09/04/2013 6:20:20 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Log: 'System' Date/Time: 08/04/2013 5:06:25 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 08/04/2013 5:06:06 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595).

Log: 'System' Date/Time: 08/04/2013 5:05:54 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).

Log: 'System' Date/Time: 08/04/2013 5:05:38 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642).

Log: 'System' Date/Time: 08/04/2013 5:05:11 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).

Log: 'System' Date/Time: 08/04/2013 5:04:45 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2736428).

Log: 'System' Date/Time: 08/04/2013 4:31:41 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Log: 'System' Date/Time: 08/04/2013 4:06:46 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Log: 'System' Date/Time: 08/04/2013 3:34:12 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%-2147467243

Log: 'System' Date/Time: 08/04/2013 3:34:12 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Application Virtualization Client service terminated with the following error: %%-2147467243

Log: 'System' Date/Time: 07/04/2013 8:36:25 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595).

Log: 'System' Date/Time: 07/04/2013 8:36:12 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).

Log: 'System' Date/Time: 07/04/2013 8:36:00 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642).

Log: 'System' Date/Time: 07/04/2013 8:35:34 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).

Log: 'System' Date/Time: 07/04/2013 8:35:05 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2736428).

Log: 'System' Date/Time: 07/04/2013 8:18:55 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Log: 'System' Date/Time: 07/04/2013 7:02:46 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595).

Log: 'System' Date/Time: 07/04/2013 7:02:16 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2013 6:19:30 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 08/04/2013 5:06:25 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/04/2013 3:34:12 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Application Virtualization Client service. The Service Control Manager launched process 3464 and process 1772 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 08/04/2013 3:34:05 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Windows Live ID Sign-in Assistant service. The Service Control Manager launched process 1772 and process 1736 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 08/04/2013 3:33:39 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 07/04/2013 8:27:41 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 07/04/2013 4:12:35 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 07/04/2013 7:13:38 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 06/04/2013 4:55:33 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 06/04/2013 12:33:49 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 06/04/2013 10:40:18 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.its.monash.edu.au timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 9:53:40 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.its.monash.edu.au timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 9:52:47 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 9:20:42 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.its.monash.edu.au timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 8:47:24 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 5-pct.channel.facebook.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 8:34:42 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.its.monash.edu.au timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 8:33:31 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/04/2013 5:35:13 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 05/04/2013 4:46:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ipv6.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/04/2013 2:32:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name profile.ak.fbcdn.net timed out after none of the configured DNS servers responded.

Edited by AlanY, 09 April 2013 - 12:40 AM.

  • 0

#27
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
That's helpful.

What is opening is Windows Explorer.

Open Windows Explorer (bottom left beside the Start orb), go to Organize > Folder and Search Options > View, then scroll down and see if the box beside Restore previous folder windows at logon is checked.

If it is checked, then uncheck it. Reboot and see if the window comes up. If it isn't checked then tell me.
  • 0

#28
AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
The box for Restore previous folder windows at logon is already unchecked. I rechecked and unchecked the box just to see how it would turn out, but Windows Explorer still pops up after I rebooted my laptop.
  • 0

#29
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
  • 0

#30
AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
This is the log for SystemLook.

SystemLook 30.07.11 by jpshortstuff
Log created at 03:47 on 11/04/2013 by admin
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AutoRestartShell"= 0x0000000001 (1)
"Background"="0 0 0"
"CachedLogonsCount"="10"
"DebugServerCommand"="no"
"ForceUnlockLogon"= 0x0000000000 (0)
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PasswordExpiryWarning"= 0x0000000005 (5)
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"WinStationsDisabled"="0"
"DisableCAD"= 0x0000000001 (1)
"scremoveoption"="0"
"ShutdownFlags"= 0x0000000073 (115)
"Shell"="Explorer.exe"
"USERINIT"="C:\Windows\system32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,"
"AutoAdminLogon"="0"
"DefaultUserName"="admin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=24 00 00 00 30 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 12 00 00 00 00 00 00 00 32 00 00 00 (REG_BINARY)
"ExplorerStartupTraceRecorded"= 0x0000000001 (1)
"CleanShutdown"= 0x0000000000 (0)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ApplicationDestinations]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NewShortcutHandlers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo]


-= EOF =-
  • 0
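
A SystemLook ":reg" dump like the one posted above can be checked mechanically: the Winlogon Shell and Userinit values decide what is launched at every logon, so each entry in them is compared here against the stock Windows 7 defaults. This is an added example, not part of the thread and not SystemLook's own code; the expected defaults, the function names and the trimmed log excerpt are assumptions of this example.

```python
import re

# Stock launch entries on a default Windows 7 install (assumption of this example).
EXPECTED = {
    "shell": ["explorer.exe"],
    "userinit": [r"c:\windows\system32\userinit.exe"],
}
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Excerpt of the SystemLook log posted above (only the lines this check needs).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"= 0x0000000001 (1)
"Shell"="Explorer.exe"
"USERINIT"="C:\Windows\system32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,"
"AutoAdminLogon"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"CleanShutdown"= 0x0000000000 (0)
'''

def parse_systemlook(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from a ':reg' dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]*)"\s*=\s*(.*)', line)
        if value and current is not None:
            current[value.group(1).lower()] = value.group(2).strip()
    return keys

def split_commands(raw):
    """Split a comma-separated REG_SZ launch list into normalised entries."""
    return [p.strip().lower() for p in raw.strip('"').split(",") if p.strip()]

def audit_winlogon(text):
    """List (value_name, unexpected_entry) pairs for Shell and Userinit."""
    values = parse_systemlook(text).get(WINLOGON, {})
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in values:
            findings.append((name, "<value missing>"))
            continue
        for entry in split_commands(values[name]):
            if entry not in allowed:
                findings.append((name, entry))
    return findings

if __name__ == "__main__":
    for name, entry in audit_winlogon(SAMPLE_LOG):
        print(f"review Winlogon\\{name}: {entry}")
```

A flagged entry is only a deviation from the default and still needs review by whoever is reading the log; an empty result means both values match the stock configuration.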
